Merge lp:~jtaylor/ubuntu/precise/python-tornado/CVE-2012-2374 into lp:ubuntu/precise/python-tornado

Proposed by Julian Taylor on 2012-05-22
Status: Merged
Merge reported by: Julian Taylor
Merged at revision: not available
Proposed branch: lp:~jtaylor/ubuntu/precise/python-tornado/CVE-2012-2374
Merge into: lp:ubuntu/precise/python-tornado
Diff against target: 58 lines (+27/-1)
4 files modified
debian/changelog (+9/-0)
debian/control (+2/-1)
debian/patches/CVE-2012-2374.patch (+15/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~jtaylor/ubuntu/precise/python-tornado/CVE-2012-2374
Reviewer Review Type Date Requested Status
Jamie Strandboge Approve on 2012-05-30
Ubuntu branches 2012-05-22 Pending
Review via email: mp+106863@code.launchpad.net
Jamie Strandboge (jdstrand) wrote:

Steve Beattie approved this already and the issue is fixed.

review: Approve

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2012-03-13 18:08:33 +0000
3+++ debian/changelog 2012-05-22 17:30:27 +0000
4@@ -1,3 +1,12 @@
5+python-tornado (2.1.0-2ubuntu0.1) precise-security; urgency=low
6+
7+ * SECURITY UPDATE: http header injection (LP: #1003019)
8+ - debian/patches/CVE-2012-2374.patch: fix header sanitation
9+ thanks to Ben Darnell
10+ - CVE-2012-2374
11+
12+ -- Julian Taylor <jtaylor@ubuntu.com> Tue, 22 May 2012 19:14:51 +0200
13+
14 python-tornado (2.1.0-2) unstable; urgency=low
15
16 [ Thomas Kluyver ]
17
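Review bot: "sanitation" in the new debian/changelog entry should read "sanitization" (header sanitization), and the entry would be clearer if it said the patch is a backport of the upstream fix that shipped in 2.2.1, so the relationship to the Origin commit recorded in debian/patches/CVE-2012-2374.patch is visible from the changelog alone.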
18=== modified file 'debian/control'
19--- debian/control 2012-03-13 18:08:33 +0000
20+++ debian/control 2012-05-22 17:30:27 +0000
21@@ -3,7 +3,8 @@
22 X-Python-Version: >= 2.5
23 X-Python3-Version: >= 3.2
24 Priority: optional
25-Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
26+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
27+XSBC-Original-Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
28 Uploaders: Carl Chenet <chaica@ohmytux.com>,
29 Yaroslav Halchenko <debian@onerussian.com>
30 Build-Depends: debhelper (>= 7.0.50~),
31
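Review bot: the Maintainer/XSBC-Original-Maintainer swap in debian/control is not mentioned in the debian/changelog entry; a short "update Maintainer field" line would document why debian/control changed in a security upload whose only other change is a single patch.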
32=== added file 'debian/patches/CVE-2012-2374.patch'
33--- debian/patches/CVE-2012-2374.patch 1970-01-01 00:00:00 +0000
34+++ debian/patches/CVE-2012-2374.patch 2012-05-22 17:30:27 +0000
35@@ -0,0 +1,15 @@
36+Description: fix CVE-2012-2374
37+Applied-Upstream: 2.2.1
38+Origin: https://github.com/facebook/tornado/commit/1ae91f6d58e6257e0ab49d295d8741ce1727bdb7
39+Author: Julian Taylor <jtaylor@ubuntu.com>
40+--- a/tornado/web.py
41++++ b/tornado/web.py
42+@@ -258,7 +258,7 @@
43+ # If \n is allowed into the header, it is possible to inject
44+ # additional headers or split the request. Also cap length to
45+ # prevent obviously erroneous values.
46+- if len(value) > 4000 or re.match(b(r"[\x00-\x1f]"), value):
47++ if len(value) > 4000 or re.search(b(r"[\x00-\x1f]"), value):
48+ raise ValueError("Unsafe header value %r", value)
49+ return value
50+
51
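Review bot: the DEP-3 headers in debian/patches/CVE-2012-2374.patch list Julian Taylor as Author while Origin points at an upstream commit and the changelog thanks Ben Darnell; Author should credit the upstream author (or be dropped in favour of `Origin: upstream, <url>`), and a `Bug-Ubuntu: https://launchpad.net/bugs/1003019` line would tie the patch to LP: #1003019. The Description is also worth expanding to say what the one-line change does: `re.match` only tested the start of the value, so a control character such as `\n` appearing later in the string passed the check, and `re.search` rejects it wherever it occurs, which is what the comment above the check already requires.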
52=== modified file 'debian/patches/series'
53--- debian/patches/series 2011-03-01 02:38:06 +0000
54+++ debian/patches/series 2012-05-22 17:30:27 +0000
55@@ -1,2 +1,3 @@
56 ignore-ca-certificates.patch
57 certs-path.patch
58+CVE-2012-2374.patch
