Mageia alert MGASA-2016-0418 (python-tornado)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2016-0418: Updated python-tornado package fixes security vulnerability 
Date:
    	       Sun, 11 Dec 2016 23:44:33 +0100
Message-ID:
    	       <20161211224433.E70C79F7AE@duvel.mageia.org>
MGASA-2016-0418 - Updated python-tornado package fixes security vulnerability

Publication date: 11 Dec 2016
URL: http://advisories.mageia.org/MGASA-2016-0418.html
Type: security
Affected Mageia releases: 5

Description:
A difference in cookie parsing between Tornado and web browsers
(especially when combined with Google Analytics) could allow an attacker
to set arbitrary cookies and bypass XSRF protection. The cookie parser
has been rewritten to fix this attack.

References:
- https://bugs.mageia.org/show_bug.cgi?id=19859
-
https://lists.fedoraproject.org/archives/list/package-ann...

SRPMS:
- 5/core/python-tornado-3.2.2-4.2.mga5

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2016-0418: Updated python-tornado package fixes security vulnerability
Date:		Sun, 11 Dec 2016 23:44:33 +0100
Message-ID:		<20161211224433.E70C79F7AE@duvel.mageia.org>