|
|
Subscribe / Log in / New account

python-tornado: side-channel attack

Package(s):python-tornado CVE #(s):CVE-2014-9720
Created:June 9, 2015 Updated:May 16, 2016
Description: From the Tornado 3.2.2 release announcement:

The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrf_cookies and gzip options (or have gzip applied by a proxy).

Alerts:
Debian-LTS DLA-475-1 python-tornado 2016-05-15
openSUSE openSUSE-SU-2015:1998-1 python-tornado 2015-11-16
Debian-LTS DLA-279-1 python-tornado 2015-07-22
Mageia MGASA-2015-0251 python-tornado 2015-07-01
Fedora FEDORA-2015-9143 python-tornado 2015-06-09
Fedora FEDORA-2015-8606 python-tornado 2015-06-10
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds