[Git][security-tracker-team/security-tracker][master] CVE-2026-35536 assigned for one python-tornado issue

Thu, 02 Apr 2026 22:40:56 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa37f4e9 by Salvatore Bonaccorso at 2026-04-03T07:40:14+02:00
CVE-2026-35536 assigned for one python-tornado issue

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2096,9 +2096,8 @@ CVE-2026-33691 (The OWASP core rule set (CRS) is a set of 
generic attack detecti
        [trixie] - modsecurity-crs <no-dsa> (Minor issue)
        [bookworm] - modsecurity-crs <no-dsa> (Minor issue)
        NOTE: 
https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w
-CVE-2026-XXXX [Incomplete validation of cookie attributes]
+CVE-2026-35536 [Incomplete validation of cookie attributes]
        - python-tornado 6.5.5-1 (bug #1132367)
-       [bullseye] - python-tornado 6.1.0-1+deb11u4
        NOTE: 
https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
        NOTE: Fixed by: 
https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104
 (v6.5.5)
 CVE-2026-5046 (A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected 
is the f ...)


=====================================
data/DLA/list
=====================================
@@ -2,7 +2,7 @@
        {CVE-2026-33416 CVE-2026-33636}
        [bullseye] - libpng1.6 1.6.37-3+deb11u3
 [01 Apr 2026] DLA-4520-1 python-tornado - security update
-       {CVE-2026-31958}
+       {CVE-2026-31958 CVE-2026-35536}
        [bullseye] - python-tornado 6.1.0-1+deb11u4
 [31 Mar 2026] DLA-4519-1 netty - security update
        {CVE-2024-29025 CVE-2025-55163 CVE-2025-58056 CVE-2025-58057 
CVE-2025-59419 CVE-2025-67735}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa37f4e9f6796c0f4018170233d2d9986714239c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa37f4e9f6796c0f4018170233d2d9986714239c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to