[Git][security-tracker-team/security-tracker][master] CVE-2026-35536 assigned for one python-tornado issue

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 3 06:40:46 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa37f4e9 by Salvatore Bonaccorso at 2026-04-03T07:40:14+02:00
CVE-2026-35536 assigned for one python-tornado issue

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2096,9 +2096,8 @@ CVE-2026-33691 (The OWASP core rule set (CRS) is a set of generic attack detecti
 	[trixie] - modsecurity-crs <no-dsa> (Minor issue)
 	[bookworm] - modsecurity-crs <no-dsa> (Minor issue)
 	NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w
-CVE-2026-XXXX [Incomplete validation of cookie attributes]
+CVE-2026-35536 [Incomplete validation of cookie attributes]
 	- python-tornado 6.5.5-1 (bug #1132367)
-	[bullseye] - python-tornado 6.1.0-1+deb11u4
 	NOTE: https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
 	NOTE: Fixed by: https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104 (v6.5.5)
 CVE-2026-5046 (A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the f ...)


=====================================
data/DLA/list
=====================================
@@ -2,7 +2,7 @@
 	{CVE-2026-33416 CVE-2026-33636}
 	[bullseye] - libpng1.6 1.6.37-3+deb11u3
 [01 Apr 2026] DLA-4520-1 python-tornado - security update
-	{CVE-2026-31958}
+	{CVE-2026-31958 CVE-2026-35536}
 	[bullseye] - python-tornado 6.1.0-1+deb11u4
 [31 Mar 2026] DLA-4519-1 netty - security update
 	{CVE-2024-29025 CVE-2025-55163 CVE-2025-58056 CVE-2025-58057 CVE-2025-59419 CVE-2025-67735}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa37f4e9f6796c0f4018170233d2d9986714239c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa37f4e9f6796c0f4018170233d2d9986714239c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/645ace2a/attachment.htm>

More information about the debian-security-tracker-commits mailing list