| Release | Version |
|---|---|
| bullseye | 6.1.0-1 |
| bullseye (security) | 6.1.0-1+deb11u4 |
| bookworm | 6.2.0-3+deb12u2 |
| bookworm (security) | 6.2.0-3+deb12u4 |
| trixie | 6.4.2-3 |
| trixie (security) | 6.4.2-3+deb13u2 |
| forky | 6.5.5-1 |
| sid | 6.5.5-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-35536 | fixed | vulnerable | vulnerable | fixed | fixed | In Tornado before 6.5.5, cookie attribute injection could occur becaus ... |
| CVE-2026-31958 | fixed | vulnerable | vulnerable | fixed | fixed | Tornado is a Python web framework and asynchronous networking library. ... |
| Bug | Description |
|---|---|
| CVE-2025-67726 | Tornado is a Python web framework and asynchronous networking library. ... |
| CVE-2025-67725 | Tornado is a Python web framework and asynchronous networking library. ... |
| CVE-2025-67724 | Tornado is a Python web framework and asynchronous networking library. ... |
| CVE-2025-47287 | Tornado is a Python web framework and asynchronous networking library. ... |
| CVE-2024-52804 | Tornado is a Python web framework and asynchronous networking library. ... |
| CVE-2023-28370 | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ... |
| CVE-2014-9720 | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ... |
| CVE-2013-2099 | Algorithmic complexity vulnerability in the ssl.match_hostname functio ... |
| CVE-2012-2374 | CRLF injection vulnerability in the tornado.web.RequestHandler.set_hea ... |
| DSA / DLA | Description |
|---|---|
| DSA-6195-1 | python-tornado - security update |
| DLA-4520-1 | python-tornado - security update |
| DLA-4461-1 | python-tornado - security update |
| DSA-5938-1 | python-tornado - security update |
| DLA-4188-1 | python-tornado - security update |
| DLA-4007-1 | python-tornado - security update |
| DLA-475-1 | python-tornado - security update |
| DLA-279-1 | python-tornado - security update |