Fedora 24 : python-tornado (2016-a3618d9ef6)
Update to 4.4.2 Security fixes - A difference in cookie parsing between Tornado and web browsers especially when combined with Google Analytics could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...