Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7cb2a396 by Salvatore Bonaccorso at 2025-07-10T23:51:03+02:00
Add new tomcat issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,7 +61,13 @@ CVE-2025-53549 (The Matrix Rust SDK is a collection of
libraries that make it ea
CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command
injection vulne ...)
TODO: check
CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache
Tomcat if an ...)
- TODO: check
+ - tomcat11 <unfixed>
+ - tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
+ NOTE:
https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
(11.0.9)
+ NOTE:
https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
(10.1.43)
+ NOTE:
https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
(9.0.107)
CVE-2025-53503 (Trend Micro Cleaner One Pro is vulnerable to a Privilege
Escalation vu ...)
NOT-FOR-US: Trend Micro
CVE-2025-53378 (A missing authentication vulnerability in Trend Micro
Worry-Free Busin ...)
@@ -78,13 +84,21 @@ CVE-2025-52837 (Trend Micro Password Manager (Consumer)
version 5.8.0.1327 and b
CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link
following ...)
NOT-FOR-US: Trend Micro
CVE-2025-52520 (For some unlikely configurations of multipart upload, an
Integer Overf ...)
- TODO: check
+ - tomcat11 <unfixed>
+ - tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
+ NOTE:
https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db
(11.0.9)
+ NOTE:
https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c
(10.1.43)
+ NOTE:
https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040
(9.0.107)
CVE-2025-52473 (liboqs is a C-language cryptographic library that provides
implementat ...)
- liboqs <removed>
NOTE:
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm
NOTE:
https://github.com/open-quantum-safe/liboqs/commit/4215362acbf69b88fe1777c4c052f154e29f9897
(0.14.0-rc1)
CVE-2025-52434 (Concurrent Execution using Shared Resource with Improper
Synchronizati ...)
- TODO: check
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
+ NOTE:
https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018
(9.0.107)
CVE-2025-4972 (An issue has been discovered in GitLab EE affecting all
versions from ...)
TODO: check
CVE-2025-49812 (In some mod_ssl configurations on Apache HTTP Server versions
through ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cb2a3968f0e7a5e49ce2e132d6ba41fd254e706
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cb2a3968f0e7a5e49ce2e132d6ba41fd254e706
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
