1 files changed, 9 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/development/python-modules/tornado/5.nix b/nixpkgs/pkgs/development/python-modules/tornado/5.nix
index d3961d06c405..8ba3a8c073ba 100644
--- a/nixpkgs/pkgs/development/python-modules/tornado/5.nix
+++ b/nixpkgs/pkgs/development/python-modules/tornado/5.nix
@@ -2,6 +2,7 @@
 , unittestCheckHook
 , buildPythonPackage
 , fetchPypi
+, fetchpatch
 , isPy27
 , pythonAtLeast
 }:
@@ -16,6 +17,14 @@ buildPythonPackage rec {
     sha256 = "4e5158d97583502a7e2739951553cbd88a72076f152b4b11b64b9a10c4c49409";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-28370.patch";
+      url = "https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f.patch";
+      hash = "sha256-2dpPHkNThOaZD8T2g1vb/I5WYZ/vy/t690539uprJyc=";
+    })
+  ];
+
   nativeCheckInputs = [ unittestCheckHook ];
 
   # We specify the name of the test files to prevent