Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
343d4e83 by Markus Koschany at 2025-01-17T17:08:20+01:00
Reserve DSA-5845-1 for tomcat10
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8255,7 +8255,6 @@ CVE-2024-56348 (In JetBrains TeamCity before 2024.12
improper access control all
CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition
vulnerability in Apa ...)
{DLA-4017-1}
- tomcat10 10.1.34-1
- [bookworm] - tomcat10 <no-dsa> (Minor issue)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp
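Review bot: the cross-reference line of the CVE-2024-56337 entry still reads {DLA-4017-1} only, although data/DSA/list now assigns this CVE to DSA-5845-1. If that braces line is not regenerated automatically from data/DSA/list, DSA-5845-1 should be added to it here, and likewise for the other five CVEs touched by this commit, so the entry does not lose its bookworm status along with the removed "<no-dsa> (Minor issue)" line.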
@@ -8885,7 +8884,6 @@ CVE-2024-55496 (A vulnerability has been found in the
1000projects Bookstore Man
NOT-FOR-US: 1000projects Bookstore Management System PHP MySQL Project
CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the
examples web ap ...)
- tomcat10 10.1.34-1
- [bookworm] - tomcat10 <no-dsa> (Minor issue)
- tomcat9 9.0.70-2
[bullseye] - tomcat9 <ignored> (Minor issue)
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -8918,7 +8916,6 @@ CVE-2024-51479 (Next.js is a React framework for building
full-stack web applica
CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition
vulnerability during ...)
{DLA-4017-1}
- tomcat10 10.1.34-1
- [bookworm] - tomcat10 <no-dsa> (Minor issue)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
@@ -17510,7 +17507,6 @@ CVE-2024-52317 (Incorrect object re-cycling and re-use
vulnerability in Apache T
CVE-2024-52316 (Unchecked Error Condition vulnerability in Apache Tomcat. If
Tomcat is ...)
{DLA-4017-1}
- tomcat10 10.1.31-1
- [bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
NOTE:
https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369
(10.1.31)
@@ -52757,7 +52753,6 @@ CVE-2024-35227 (Discourse is an open-source discussion
platform. Prior to versio
CVE-2024-38286 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
{DLA-4017-1}
- tomcat10 10.1.25-1
- [bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
NOTE:
https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543
(10.1.25)
@@ -52765,7 +52760,6 @@ CVE-2024-38286 (Allocation of Resources Without Limits
or Throttling vulnerabili
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled
Resource Con ...)
- tomcat10 10.1.25-1
- [bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)
- tomcat9 9.0.70-2
[bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)
NOTE: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
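Review bot: the bullseye line kept in the CVE-2024-34750 entry, "[bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)", still promises a fix in the next DSA, but the DSA reserved here covers only bookworm tomcat10. Unlike the neighbouring entries, this one also shows no {DLA-4017-1} reference, so it is worth confirming whether bullseye tomcat9 is still open for this CVE and updating the annotation if it is not.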
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Jan 2025] DSA-5845-1 tomcat10 - security update
+ {CVE-2024-34750 CVE-2024-38286 CVE-2024-50379 CVE-2024-52316
CVE-2024-54677 CVE-2024-56337}
+ [bookworm] - tomcat10 10.1.34-0+deb12u1
[16 Jan 2025] DSA-5843-2 rsync - regression update
[bookworm] - rsync 3.2.7-1+deb12u2
[15 Jan 2025] DSA-5844-1 chromium - security update
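Review bot: CVE-2024-52317, visible in the data/CVE/list hunk header directly above CVE-2024-52316 as another Apache Tomcat issue, is missing from the braces list of the new DSA-5845-1 entry; please confirm it does not affect bookworm tomcat10, or add it. The six CVEs that are listed each have their bookworm "<no-dsa>" or "<postponed>" line removed in data/CVE/list, so the two files otherwise agree.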
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/343d4e831e3d5f01b0ae8a964332296247593555