From 0e149e459110ab0fb046658026f0f293f6058e2c Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Thu, 8 Jan 2026 08:46:15 +0100
Subject: python3-tornado: patch CVE-2023-28370

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-28370

The NVD advisory mentions that the vulnerability was fixed
in v6.3.2. I checked the commits in that tag, and picked the
only one that's commit message described the same vulnerability
as the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-python/recipes-devtools/python/python3-tornado_6.1.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta-python/recipes-devtools/python/python3-tornado_6.1.bb')

diff --git a/meta-python/recipes-devtools/python/python3-tornado_6.1.bb b/meta-python/recipes-devtools/python/python3-tornado_6.1.bb
index 1dedc51029..d4cb58febc 100644
--- a/meta-python/recipes-devtools/python/python3-tornado_6.1.bb
+++ b/meta-python/recipes-devtools/python/python3-tornado_6.1.bb
@@ -6,6 +6,7 @@ HOMEPAGE = "http://www.tornadoweb.org/en/stable/"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
+SRC_URI += "file://CVE-2023-28370.patch"
 SRC_URI[md5sum] = "f324f5e7607798552359d6ab054c4321"
 SRC_URI[sha256sum] = "33c6e81d7bd55b468d2e793517c909b139960b6c790a60b7991b9b6b76fb9791"
 
-- 
cgit v1.2.3-54-g00ecf