Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
921e3389 by Salvatore Bonaccorso at 2025-03-18T07:38:25+01:00
Reference upstream commits for tomcat issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1917,6 +1917,8 @@ CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal
Dot) leading toRemote Co
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/f6c01d6577cf9a1e06792be47e623d36acc3b5dc
(10.1.35)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/eb61aade8f8daccaecabf07d428b877975622f72
(9.0.99)
CVE-2025-24387 (A vulnerability in OTRS Application Server allows session
hijacking du ...)
NOT-FOR-US: OTRS
NOTE: Could possibly affect Znuny, we'll let their security team figure
it out
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/921e3389948a126712436ca26a7cdbdb6d4cbacd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/921e3389948a126712436ca26a7cdbdb6d4cbacd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
