Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eca56b8d by Moritz Muehlenhoff at 2025-09-29T12:46:06+02:00
tomcat11 fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16651,7 +16651,7 @@ CVE-2025-6186 (An issue has been discovered in GitLab
CE/EE affecting all versio
CVE-2025-5819 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- gitlab <unfixed>
CVE-2025-55668 (Session Fixation vulnerability in Apache Tomcat via rewrite
valve. Th ...)
- - tomcat11 <unfixed> (bug #1111099)
+ - tomcat11 11.0.11-1 (bug #1111099)
- tomcat10 <unfixed> (bug #1111098)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -16753,7 +16753,7 @@ CVE-2025-50594 (An issue was discovered in
/Code/Websites/DanpheEMR/Controllers/
CVE-2025-50251 (Server side request forgery (SSRF) vulnerability in makeplane
plane 0. ...)
NOT-FOR-US: makeplane plane
CVE-2025-48989 (Improper Resource Shutdown or Release vulnerability in Apache
Tomcat m ...)
- - tomcat11 <unfixed> (bug #1111097)
+ - tomcat11 11.0.11-1 (bug #1111097)
- tomcat10 <unfixed> (bug #1111096)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -25671,7 +25671,7 @@ CVE-2025-53542 (Headlamp is an extensible Kubernetes
web UI. A command injection
NOT-FOR-US: Headlamp
CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache
Tomcat if an ...)
{DLA-4244-1}
- - tomcat11 <unfixed> (bug #1109113)
+ - tomcat11 11.0.11-1 (bug #1109113)
- tomcat10 <unfixed> (bug #1109114)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -25698,7 +25698,7 @@ CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is
vulnerable to a link fol
NOT-FOR-US: Trend Micro
CVE-2025-52520 (For some unlikely configurations of multipart upload, an
Integer Overf ...)
{DLA-4244-1}
- - tomcat11 <unfixed> (bug #1109111)
+ - tomcat11 11.0.11-1 (bug #1109111)
- tomcat10 <unfixed> (bug #1109112)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -34595,7 +34595,7 @@ CVE-2025-4565 (Any project that uses Protobuf
Pure-Python backendto parse untrus
NOTE:
https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
{DLA-4244-1}
- - tomcat11 <unfixed> (bug #1108114)
+ - tomcat11 11.0.11-1 (bug #1108114)
- tomcat10 <unfixed> (bug #1108115)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -34610,7 +34610,7 @@ CVE-2025-49124 (Untrusted Search Path vulnerability in
Apache Tomcat installer f
NOTE: https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv
CVE-2025-48988 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
{DLA-4244-1}
- - tomcat11 <unfixed> (bug #1108116)
+ - tomcat11 11.0.11-1 (bug #1108116)
- tomcat10 <unfixed> (bug #1108117)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -34623,7 +34623,7 @@ CVE-2025-48976 (Allocation of resources for multipart
headers with insufficient
- libcommons-fileupload-java <unfixed> (bug #1108120)
[trixie] - libcommons-fileupload-java <no-dsa> (Minor issue)
[bookworm] - libcommons-fileupload-java <no-dsa> (Minor issue)
- - tomcat11 <unfixed> (bug #1108118)
+ - tomcat11 11.0.11-1 (bug #1108118)
- tomcat10 <unfixed> (bug #1108119)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -39203,7 +39203,7 @@ CVE-2025-46722 (vLLM is an inference and serving engine
for large language model
- vllm <itp> (bug #1095237)
CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache
Tomcat's ...)
{DLA-4244-1}
- - tomcat11 <unfixed> (bug #1106821)
+ - tomcat11 11.0.11-1 (bug #1106821)
- tomcat10 <unfixed> (bug #1106820)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eca56b8dd48c7f522985f56498dc3f16f7ed36bd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eca56b8dd48c7f522985f56498dc3f16f7ed36bd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
