Date: Tue, 19 May 2015 11:01:48 +0200 From: Vasyl Kaigorodov <vkaigoro@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH) Version 3.2.2 of Tornado fixes BREACH attach possibility: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308 References: https://bugzilla.novell.com/show_bug.cgi?id=930362 https://bugzilla.redhat.com/show_bug.cgi?id=1222816 Can a CVE be assigned for this please? Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828 Free/Busy status: https://url.corp.redhat.com/vk-free-busy-status Come talk to Red Hat Product Security at the Summit! Red Hat Summit 2015 - https://www.redhat.com/summit/ Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.