From Mageia wiki
MGASA-2012-0117
| Date: | June 19th, 2012 |
| Affected releases: | 2 |
Description:
Updated python-tornado package fixes security vulnerability:
CRLF injection vulnerability in thetornado.web.RequestHandler.set_header
function in Tornado before 2.2.1 allows remote attackers to inject
arbitrary HTTP headers and conduct HTTP response splitting attacks
via crafted input (CVE-2012-2374).
Updated Packages:
python-tornado-2.2.1-1.mga2
python-tornado-doc-2.2.1-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2374
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081486.html
https://bugs.mageia.org/show_bug.cgi?id=6165
