mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-17 06:50:07 +00:00
Sudhir Dumbhare
85aa67fa07
This patch applies the upstream fix as referenced in [2], which addresses a Tornado flaw where crafted multipart/form-data requests can trigger excessive synchronous parsing and cause denial of service using the commit shown in [1]. [1] https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839 [2] https://security-tracker.debian.org/tracker/CVE-2026-31958 Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-31958 Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>