1 issue left for the package maintainer to handle:
CVE-2023-28370:
(needs triaging)
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Among the 7 debian patches
available in version 6.4.1-3 of the package,
we noticed the following issues:
1 patch
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.