| Release | Version |
|---|---|
| jessie | 3.2.2-1.1 |
| stretch | 4.4.3-1 |
| buster | 5.1.1-4 |
| bullseye | 6.1.0-1 |
| bookworm | 6.2.0-3 |
| trixie | 6.4.1-3 |
| sid | 6.4.1-3 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52804 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Tornado is a Python web framework and asynchronous networking library. ... |
| CVE-2023-28370 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ... |
| Bug | Description |
|---|---|
| CVE-2014-9720 | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ... |
| CVE-2013-2099 | Algorithmic complexity vulnerability in the ssl.match_hostname functio ... |
| CVE-2012-2374 | CRLF injection vulnerability in the tornado.web.RequestHandler.set_hea ... |
| DSA / DLA | Description |
|---|---|
| DLA-475-1 | python-tornado - security update |
| DLA-279-1 | python-tornado - security update |