[SECURITY] Fedora 17 Update: python-tornado-2.2.1-1.fc17

updates at fedoraproject.org updates at fedoraproject.org
Tue May 29 16:19:52 UTC 2012 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8194
2012-05-21 16:51:41
--------------------------------------------------------------------------------

Name        : python-tornado
Product     : Fedora 17
Version     : 2.2.1
Release     : 1.fc17
URL         : http://www.tornadoweb.org
Summary     : Scalable, non-blocking web server and tools
Description :
Tornado is an open source version of the scalable, non-blocking web
server and tools.

The framework is distinct from most mainstream web server frameworks
(and certainly most Python frameworks) because it is non-blocking and
reasonably fast. Because it is non-blocking and uses epoll, it can
handle thousands of simultaneous standing connections, which means it is
ideal for real-time web services.

--------------------------------------------------------------------------------
Update Information:

Update to 2.2.1 which fixes an HTTP header injection vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 20 2012 Thomas Spura <tomspur at fedoraproject.org> - 2.2.1-1
- update to upstream release 2.2.1 (fixes CVE-2012-2374)
- fix typo for epel6 macro bug #822972 (Florian La Roche)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #822852 - CVE-2012-2374 python-tornado: Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection
        https://bugzilla.redhat.com/show_bug.cgi?id=822852
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update python-tornado' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list