python/python-tornado6
SHA256
14
0
Fork 0
forked from pool/python-tornado6
Code Pull Requests Activity

- Update to 6.4.2:

Browse Source 
+ Security Improvements:
    * Parsing of the cookie header is now much more efficient. The older
      algorithm sometimes had quadratic performance which allowed for a
      denial-of-service attack in which the server would spend excessive
      CPU time parsing cookies and block the event loop.
      (CVE-2024-52804, bsc#1233668)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-tornado6?expand=0&rev=44
This commit is contained in:
Steve Kowalik
2024-11-25 03:21:09 +00:00
committed by Git OBS Bridge
parent b24bb6e932
commit f643909438
4 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
python-tornado6.changes
View File

@@ -1,3 +1,14 @@
-------------------------------------------------------------------
Mon Nov 25 03:19:20 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 6.4.2:
+ Security Improvements:
* Parsing of the cookie header is now much more efficient. The older
algorithm sometimes had quadratic performance which allowed for a
denial-of-service attack in which the server would spend excessive
CPU time parsing cookies and block the event loop.
(CVE-2024-52804, bsc#1233668)
-------------------------------------------------------------------
Wed Jul 31 09:32:23 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>