{"id":"MGASA-2026-0092","summary":"Updated python-tornado packages fix security vulnerabilities","details":"Tornado vulnerable to Header Injection and XSS via reason argument.\n(CVE-2025-67724)\nTornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing.\n(CVE-2025-67725)\nTornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters.\n(CVE-2025-67726)\n","modified":"2026-04-16T00:10:05.093694574Z","published":"2026-04-10T17:11:05Z","upstream":["CVE-2025-67724","CVE-2025-67725","CVE-2025-67726"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0092.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35326"},{"type":"WEB","url":"https://lists.debian.org/debian-security-announce/2026/msg00104.html"}],"affected":[{"package":{"name":"python-tornado","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/python-tornado?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.3.2-1.3.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0092.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}