Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
56404044 by Moritz Muehlenhoff at 2026-06-02T16:29:41+02:00
tomcat10 fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13226,7 +13226,7 @@ CVE-2026-43891 (changedetection.io is a free open
source web page change detecti
NOT-FOR-US: changedetection.io
CVE-2026-43515 (Improper Authorization vulnerability when multiple method
constraints ...)
- tomcat11 11.0.22-1
- - tomcat10 <unfixed>
+ - tomcat10 10.1.55-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36
(11.0.22)
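Review bot: The "NOTE: Fixed by:" reference under CVE-2026-43515 still cites only the 11.0.22 commit, so the new "- tomcat10 10.1.55-1" line has no upstream commit a reader can check the 10.1 fix against. Consider adding a second "NOTE: Fixed by:" line with the corresponding 10.1.x commit, in the same form as the existing 11.0.22 one. The other six tomcat10 lines changed in this commit sit above the same single-branch reference.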
@@ -13235,7 +13235,7 @@ CVE-2026-43515 (Improper Authorization vulnerability
when multiple method constr
NOTE: https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb
CVE-2026-43514 (Observable Timing Discrepancy vulnerabilitywhen comparing AJP
secret i ...)
- tomcat11 11.0.22-1
- - tomcat10 <unfixed>
+ - tomcat10 10.1.55-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e
(11.0.22)
@@ -13244,7 +13244,7 @@ CVE-2026-43514 (Observable Timing Discrepancy
vulnerabilitywhen comparing AJP se
NOTE: https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m
CVE-2026-43513 (Improper Handling of Case Sensitivity vulnerability in
LockOutRealm in ...)
- tomcat11 11.0.22-1
- - tomcat10 <unfixed>
+ - tomcat10 10.1.55-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef
(11.0.22)
@@ -13253,7 +13253,7 @@ CVE-2026-43513 (Improper Handling of Case Sensitivity
vulnerability in LockOutRe
NOTE: https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp
CVE-2026-43512 (DEPRECATED: Authentication Bypass Issues vulnerability in
digest authe ...)
- tomcat11 11.0.22-1
- - tomcat10 <unfixed>
+ - tomcat10 10.1.55-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd
(11.0.22)
@@ -13292,7 +13292,7 @@ CVE-2026-42541 (Kubewarden is a policy engine for
Kubernetes. Prior to , An atta
NOT-FOR-US: Kubewarden
CVE-2026-42498 (Exposure of HTTP Authentication Header to unexpected hosts
during WebS ...)
- tomcat11 11.0.22-1
- - tomcat10 <unfixed>
+ - tomcat10 10.1.55-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4
(11.0.22)
@@ -13345,7 +13345,7 @@ CVE-2026-41513 (Horilla is an HR and CRM software. In
1.5.0, the notification en
NOT-FOR-US: Horilla
CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat.
This issue ...)
- tomcat11 11.0.22-1
- - tomcat10 <unfixed>
+ - tomcat10 10.1.55-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac
(11.0.22)
@@ -13360,7 +13360,7 @@ CVE-2026-41293 (Improper Input Validation vulnerability
in Apache Tomcat. This
NOTE: https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r
CVE-2026-41284 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- tomcat11 11.0.22-1
- - tomcat10 <unfixed>
+ - tomcat10 10.1.55-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c
(11.0.22)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5640404450ed7a5112243158d25d97aba42fa49c