Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9986fe53 by Salvatore Bonaccorso at 2025-04-28T22:35:38+02:00
Add two new tomcat issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -84,9 +84,29 @@ CVE-2025-32471 (The device\u2019s passwords have not been
adequately salted, mak
CVE-2025-32470 (A remote unauthenticated attacker may be able to change the IP
adress ...)
NOT-FOR-US: SICK AG
CVE-2025-31651 (Improper Neutralization of Escape, Meta, or Control Sequences
vulnerab ...)
- TODO: check
+ - tomcat11 11.0.6-1
+ - tomcat10 10.1.40-1
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953
(11.0.6)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098
(10.1.40)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454
(9.0.104)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64
(9.0.104)
CVE-2025-31650 (Improper Input Validation vulnerability in Apache Tomcat.
Incorrect er ...)
- TODO: check
+ - tomcat11 11.0.6-1
+ - tomcat10 10.1.40-1
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
+ NOTE: https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40
(11.0.6)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2
(11.0.6)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9
(11.0.6)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff
(10.1.40)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc
(10.1.40)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60
(10.1.40)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d
(9.0.104)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa
(9.0.104)
+ NOTE: Fixed by:
https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9
(9.0.104)
CVE-2025-25776 (Cross-Site Scripting (XSS) vulnerability exists in the User
Registrati ...)
NOT-FOR-US: CodeAstro
CVE-2025-23377 (Dell PowerProtect Data Manager Reporting, version(s) 19.17,
19.18 cont ...)
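Review bot: The CVE-2025-31651 entry carries no upstream advisory reference, while the CVE-2025-31650 entry right below it has a "NOTE: https://lists.apache.org/thread/..." line. Adding the matching announcement link for CVE-2025-31651 would let readers check the affected ranges without going through the individual commits. In the same entry, two "Fixed by" commits are listed for 9.0.104 but only one each for 11.0.6 and 10.1.40, so it is worth confirming that the 11.x and 10.1.x lists are complete or noting that the second 9.0.x commit is a branch-specific follow-up. For both entries, the tomcat9 line uses 9.0.70-2 on the grounds that src:tomcat9 no longer ships the server stack. The NOTE could say explicitly that the binary packages still built from src:tomcat9 do not contain the affected code, since the fixed version is otherwise well below the upstream fix in 9.0.104.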
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9986fe53c29f6088262514e43582e45e6ba1222d