Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a3ee8176 by Salvatore Bonaccorso at 2024-12-17T21:49:22+01:00
Add CVE-2024-50379/tomcat
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32,7 +32,15 @@ CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a
Symbolic Link (Symlink)
CVE-2024-51479 (Next.js is a React framework for building full-stack web
applications. ...)
TODO: check
CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition
vulnerability during ...)
- TODO: check
+ - tomcat10 10.1.34-1
+ [bookworm] - tomcat10 <no-dsa> (Minor issue)
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
+ NOTE: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
+ NOTE:
https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2
(10.1.34)
+ NOTE:
https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f
(10.1.34)
+ NOTE:
https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00
(9.0.98)
+ NOTE:
https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41
(9.0.98)
CVE-2024-49820 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0,
and 4.2 ...)
NOT-FOR-US: IBM
CVE-2024-49819 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0,
and 4.2 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ee8176fce4dbc1fe448036f2e402986c5392f7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ee8176fce4dbc1fe448036f2e402986c5392f7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
