Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e4ff5737 by Moritz Mühlenhoff at 2025-09-29T16:56:19+02:00 tomcat10 fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -16652,7 +16652,7 @@ CVE-2025-5819 (An issue has been discovered in GitLab CE/EE affecting all versio - gitlab <unfixed> CVE-2025-55668 (Session Fixation vulnerability in Apache Tomcat via rewrite valve. Th ...) - tomcat11 11.0.11-1 (bug #1111099) - - tomcat10 <unfixed> (bug #1111098) + - tomcat10 10.1.46-1 (bug #1111098) - tomcat9 9.0.70-2 NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version NOTE: https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47 @@ -25672,7 +25672,7 @@ CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...) {DLA-4244-1} - tomcat11 11.0.11-1 (bug #1109113) - - tomcat10 <unfixed> (bug #1109114) + - tomcat10 10.1.46-1 (bug #1109114) - tomcat9 9.0.70-2 NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version NOTE: https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b (11.0.9) @@ -25699,7 +25699,7 @@ CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link fol CVE-2025-52520 (For some unlikely configurations of multipart upload, an Integer Overf ...) {DLA-4244-1} - tomcat11 11.0.11-1 (bug #1109111) - - tomcat10 <unfixed> (bug #1109112) + - tomcat10 10.1.46-1 (bug #1109112) - tomcat9 9.0.70-2 NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version NOTE: https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db (11.0.9) 
@@ -34596,7 +34596,7 @@ CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse untrus CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) {DLA-4244-1} - tomcat11 11.0.11-1 (bug #1108114) - - tomcat10 <unfixed> (bug #1108115) + - tomcat10 10.1.46-1 (bug #1108115) - tomcat9 9.0.70-2 NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version NOTE: https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk @@ -34611,7 +34611,7 @@ CVE-2025-49124 (Untrusted Search Path vulnerability in Apache Tomcat installer f CVE-2025-48988 (Allocation of Resources Without Limits or Throttling vulnerability in ...) {DLA-4244-1} - tomcat11 11.0.11-1 (bug #1108116) - - tomcat10 <unfixed> (bug #1108117) + - tomcat10 10.1.46-1 (bug #1108117) - tomcat9 9.0.70-2 NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version NOTE: https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18 @@ -34624,7 +34624,7 @@ CVE-2025-48976 (Allocation of resources for multipart headers with insufficient [trixie] - libcommons-fileupload-java <no-dsa> (Minor issue) [bookworm] - libcommons-fileupload-java <no-dsa> (Minor issue) - tomcat11 11.0.11-1 (bug #1108118) - - tomcat10 <unfixed> (bug #1108119) + - tomcat10 10.1.46-1 (bug #1108119) - tomcat9 9.0.70-2 NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version NOTE: https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12 
@@ -39204,7 +39204,7 @@ CVE-2025-46722 (vLLM is an inference and serving engine for large language model CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ...) {DLA-4244-1} - tomcat11 11.0.11-1 (bug #1106821) - - tomcat10 <unfixed> (bug #1106820) + - tomcat10 10.1.46-1 (bug #1106820) - tomcat9 9.0.70-2 NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version NOTE: https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4ff5737363fea7986783dac94f0e2866ae2df0d
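Review bot: In the CVE-2025-53506 and CVE-2025-52520 hunks, the only upstream references visible are the commits tagged (11.0.9), so the new tomcat10 10.1.46-1 entries cannot be checked against a 10.1.x fix from these lines alone. If the 10.1.x backport commits are not already listed further down each entry, consider adding them as NOTE lines with the upstream 10.1.x version in parentheses, matching the existing (11.0.9) style.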
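Review bot: In the CVE-2025-48976 hunk, libcommons-fileupload-java carries [trixie] and [bookworm] <no-dsa> triage, but the tomcat10 line is followed directly by the tomcat9 line with no per-release entry. With sid now recorded as fixed at 10.1.46-1, it would help to record the trixie and bookworm triage decision for tomcat10 in this entry as well, or to confirm that leaving those suites untriaged is intended.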