Debian Patches
Status for python-tornado/6.2.0-3+deb12u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| disable-domain-tests.patch | Disable domain tests to prevent internet access during build | SVN-Git Migration <python-modules-team@lists.alioth.debian.org> | invalid | 2015-10-08 | ||
| ignoreuserwarning.patch | ignore userwarning in tests Required to run tests from source with the package already installed. Else one gets check_version_conflict warning from pkg_resources. |
SVN-Git Migration <python-modules-team@lists.alioth.debian.org> | no | 2015-10-08 | ||
| fix-ftbfs-on-hurd.patch | skip UnixSocketTest on hurd, as unix sockets with SO_REUSEADDR are not supported there A little discussion about unix sockets with SO_REUSEADDR can be found on https://lists.gnu.org/archive/html/bug-hurd/2016-01/msg00039.html |
Mattia Rizzolo <mattia@debian.org> | no | 2016-05-21 | ||
| 0006-Use-local-objects.inv-for-intersphinx-mapping.patch | Use local objects.inv for intersphinx mapping | =?utf-8?b?T25kxZllaiBOb3bDvQ==?= <onovy@debian.org> | invalid | 2016-08-03 | ||
| 0007-Higher-test_gc-timeout.patch | Set timeout in test_gc to higher value | =?utf-8?b?T25kxZllaiBOb3bDvQ==?= <onovy@debian.org> | not-needed | 2020-04-02 | ||
| ignore-py310-deprecation-warnings.patch | Ignore known DeprecationWarnings under Python 3.10 Python 3.10 triggers several DeprecationWarnings that haven't been resolved yet, upstream. There are going to be API changes required and they haven't been decided on, yet. |
Stefano Rivera <stefanor@debian.org> | not-needed | debian | 2021-11-20 | |
| CVE-2024-52804.patch | httputil: Fix quadratic performance of cookie parsing Maliciously-crafted cookies can cause Tornado to spend an unreasonable amount of CPU time and block the event loop. This change replaces the quadratic algorithm with a more efficient one. The implementation is copied from the Python 3.13 standard library (the previous one was from Python 3.5). Fixes CVE-2024-52804 See CVE-2024-7592 for a similar vulnerability in cpython. Thanks to github.com/kexinoh for the report. |
Ben Darnell <ben@bendarnell.com> | yes | debian upstream | https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533.patch | 2024-11-21 |
| CVE-2023-28370-1.patch | web: Fix an open redirect in StaticFileHandler Under some configurations the default_filename redirect could be exploited to redirect to an attacker-controlled site. This change refuses to redirect to URLs that could be misinterpreted. A test case for the specific vulnerable configuration will follow after the patch has been available. |
Ben Darnell <ben@bendarnell.com> | yes | debian upstream | https://github.com/tornadoweb/tornado/pull/3266 | 2023-05-13 |
| CVE-2023-28370-2.patch | test: Add test for open redirect fixed in 6.3.2 | Ben Darnell <ben@bendarnell.com> | yes | debian upstream | https://github.com/tornadoweb/tornado/pull/3276 | 2023-06-06 |
| CVE-2025-47287.patch | httputil: Raise errors instead of logging in multipart/form-data parsing We used to continue after logging an error, which allowed repeated errors to spam the logs. The error raised here will still be logged, but only once per request, consistent with other error handling in Tornado. |
Ben Darnell <ben@bendarnell.com> | yes | debian upstream | https://github.com/tornadoweb/tornado/pull/3497 | 2025-05-08 |
All known versions for source package 'python-tornado'
- 6.5.2-1 (experimental)
- 6.4.2-3 (sid, forky, trixie)
- 6.2.0-3+deb12u2 (bookworm-security, bookworm)