[Git][security-tracker-team/security-tracker][master] new tomcat issues

Moritz Muehlenhoff (@jmm) Tue, 10 Oct 2023 14:29:31 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
606bdb12 by Moritz Muehlenhoff at 2023-10-10T23:28:55+02:00
new tomcat issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,10 @@ CVE-2023-4837 (SmodBIP is vulnerable to Cross-Site Request 
Forgery, that could b
 CVE-2023-4309 (Election Services Co. (ESC) Internet Election Service is 
vulnerable to ...)
        NOT-FOR-US: Election Services Co. (ESC) Internet Election Service
 CVE-2023-45648 (Improper Input Validation vulnerability in Apache 
Tomcat.Tomcatfrom 11 ...)
-       TODO: check
+       - tomcat10 10.1.14-1
+       - tomcat9 <unfixed>
+       - tomcat8 <removed>
+       NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/10
 CVE-2023-45601 (A vulnerability has been identified in Parasolid V35.0 (All 
versions < ...)
        NOT-FOR-US: Parasolid
 CVE-2023-45226 (The BIG-IP SPK TMM (Traffic Management Module) 
f5-debug-sidecar and f5 ...)
@@ -103,9 +106,15 @@ CVE-2023-43485 (When TACACS+ audit forwarding is 
configured on BIG-IP or BIG-IQ
 CVE-2023-42796 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
        NOT-FOR-US: Siemens
 CVE-2023-42795 (Incomplete Cleanup vulnerability in Apache Tomcat.When 
recycling vario ...)
-       TODO: check
+       - tomcat10 10.1.14-1
+       - tomcat9 <unfixed>
+       - tomcat8 <removed>
+       NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/9
 CVE-2023-42794 (Incomplete Cleanup vulnerability in Apache Tomcat.  The 
internal fork  ...)
-       TODO: check
+       - tomcat10 <not-affected> (Windows-specific)
+       - tomcat9 <not-affected> (Windows-specific)
+       - tomcat8 <not-affected> (Windows-specific)
+       NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/8
 CVE-2023-42788 (An improper neutralization of special elements used in an os 
command ( ...)
        NOT-FOR-US: Fortinet
 CVE-2023-42787 (A client-side enforcement of server-side security [CWE-602] 
vulnerabil ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -88,6 +88,10 @@ samba/oldstable
 --
 tiff (aron)
 --
+tomcat10 (apo)
+--
+tomcat9 (apo)
+--
 trafficserver
 --
 webkit2gtk



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/606bdb1210df32a43221a56e900a36e64befd5f8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/606bdb1210df32a43221a56e900a36e64befd5f8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new tomcat issues

Reply via email to