Certain input is not properly sanitised in the "tornado.web.RequestHandler.set_header()" function before being used to display HTTP headers. This can be exploited to include arbitrary HTTP headers in a response sent to the user.

The vulnerability is reported in versions prior to 2.2.1.

Solution: Update to version 2.2.1.

Provided and/or discovered by: Reported by the vendor.

Original Advisory: http://www.tornadoweb.org/documentation/releases/v2.2.1.html

Version 2.2.1 is already stable @bug 415903 and old versions simply need to be removed. Bug for tracking purposes.
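The header-injection class the advisory describes, shown as an added example that is not part of the original report and is not Tornado's code: a header serialiser without value validation next to one that rejects control characters. All function names and the sample input are hypothetical, and the rejection policy is an assumption, not the change shipped in 2.2.1.

```python
import re

# Assumed policy: reject CR, LF and other control characters (tab is allowed).
_UNSAFE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def serialize_naive(headers):
    """Write name/value pairs into a header block with no validation (flawed pattern)."""
    return "".join(f"{name}: {value}\r\n" for name, value in headers) + "\r\n"


def checked_value(value):
    """Return value unchanged, or raise ValueError if it could break header framing."""
    if _UNSAFE.search(value):
        raise ValueError(f"unsafe header value: {value!r}")
    return value


def serialize_checked(headers):
    """Same serialiser, but every value is validated before it is written."""
    return serialize_naive([(n, checked_value(v)) for n, v in headers])


def parse_header_names(block):
    """Header names a client would see: split on CRLF up to the first blank line."""
    head = block.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n") if line]


# Constructed sample input: a request parameter that carries a CRLF sequence.
UNTRUSTED = "en\r\nX-Added-By-Input: 1"


def demo():
    """Return (header names seen with the naive serialiser, whether the check rejected)."""
    naive = parse_header_names(serialize_naive([("Content-Language", UNTRUSTED)]))
    try:
        serialize_checked([("Content-Language", UNTRUSTED)])
        rejected = False
    except ValueError:
        rejected = True
    return naive, rejected


if __name__ == "__main__":
    print(demo())
```

The same check works as a regression test or as a pre-deployment audit of any code path that copies request data into response headers on an unpatched version.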
@security: please vote
Thanks, everyone. GLSA vote: no.
GLSA Vote: no too, closing noglsa.