[ptxdist] [PATCH] python3-tornado: version bump 6.5.1 -> 6.5.5

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

From: Artur Wiebe via ptxdist <ptxdist@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Artur Wiebe <artur@4wiebe.de>
Subject: [ptxdist] [PATCH] python3-tornado: version bump 6.5.1 -> 6.5.5
Date: Fri, 17 Apr 2026 12:27:45 +0200	[thread overview]
Message-ID: <20260417102745.86171-1-artur@4wiebe.de> (raw)

Changes between 6.5.1 and 6.5.5:
- 6.5.2: WebSocket ping interval fix, improved Host header handling,
  restored deprecated host argument on HTTPServerRequest, misc fixes.
- 6.5.3: Security fixes for CVE-2025-67724 (header injection/XSS in
  set_status reason), CVE-2025-67725 (DoS via repeated HTTP headers),
  CVE-2025-67726 (DoS via multipart/form-data parsing).
- 6.5.4: Restore case-insensitive "in" operator on HTTPHeaders
  (regression in 6.5.3).
- 6.5.5: Security fixes: limit multipart/form-data to 100 parts by
  default, validate cookie domain/path/samesite arguments, reject CR
  in multipart headers.

License unchanged (Apache-2.0).

Signed-off-by: Artur Wiebe <artur@4wiebe.de>
---
 rules/python3-tornado.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/python3-tornado.make b/rules/python3-tornado.make
index b70b63654..d364ef668 100644
--- a/rules/python3-tornado.make
+++ b/rules/python3-tornado.make
@@ -11,8 +11,8 @@
 #
 PACKAGES-$(PTXCONF_PYTHON3_TORNADO) += python3-tornado
 
-PYTHON3_TORNADO_VERSION	:= 6.5.1
-PYTHON3_TORNADO_MD5	:= e3e3d74e2fedffacdacd8626d0c17a37
+PYTHON3_TORNADO_VERSION	:= 6.5.5
+PYTHON3_TORNADO_MD5	:= 765aacc9cb8931aa66c8f3a83050120c
 PYTHON3_TORNADO		:= tornado-$(PYTHON3_TORNADO_VERSION)
 PYTHON3_TORNADO_SUFFIX	:= tar.gz
 PYTHON3_TORNADO_URL	:= $(call ptx/mirror-pypi, tornado, $(PYTHON3_TORNADO).$(PYTHON3_TORNADO_SUFFIX))
-- 
2.53.0

                 reply	other threads:[~2026-04-17 10:28 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260417102745.86171-1-artur@4wiebe.de \
    --to=ptxdist@pengutronix.de \
    --cc=artur@4wiebe.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox