It was discovered that python-tornado, a Python web framework and
asynchronous networking library, was susceptible for the BREACH attack.
The XSRF token is now encoded with a random mask on each request. This
makes it safe to include in compressed pages without being vulnerable.
For Debian 7 Wheezy, these problems have been fixed in version
2.3-2+deb7u1.
We recommend that you upgrade your python-tornado packages.
CPE | Name | Operator | Version |
---|---|---|---|
python-tornado | eq | 2.3-2 |