Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9f02910 by Salvatore Bonaccorso at 2026-07-03T08:22:03+02:00
Add Debian bug references for tomcat issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3432,24 +3432,24 @@ CVE-2026-10648 (mcumgr_serial_process_frag() in 
subsys/mgmt/mcumgr/transport/src
 CVE-2026-10647 (The USB CDC-NCM device class 
(subsys/usb/device_next/class/usbd_cdc_nc ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-55956 (Improper Authorization vulnerability in Apache Tomcat leads to 
securit ...)
-       - tomcat11 <unfixed>
-       - tomcat10 <unfixed>
+       - tomcat11 <unfixed> (bug #1141337)
+       - tomcat10 <unfixed> (bug #1141338)
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
        NOTE: 
https://github.com/apache/tomcat/commit/3f6bd2ba5e53d1f340bbe5ad2d42a28b29440b7a
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/9c3b1efb74fd04f77639720af1d48a8f664ad9bb
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/a0374c450970760efafbd8806a1db278830ba7bd
 (9.0.119)
 CVE-2026-55955 (Improper Authentication vulnerability in Apache Tomcat allowed 
a repla ...)
-       - tomcat11 <unfixed>
-       - tomcat10 <unfixed>
+       - tomcat11 <unfixed> (bug #1141337)
+       - tomcat10 <unfixed> (bug #1141338)
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
        NOTE: 
https://github.com/apache/tomcat/commit/5e594400c7f6ac0eaf2526bd64442a70f5ccaace
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/3a9ff01d2dfaca651edacbda3260e37b98b540d3
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/6a7a432cd7fb4ef358dc12e8da99cf3ab320f3fe
 (9.0.119)
 CVE-2026-55276 (Always-Incorrect Control Flow Implementation vulnerability in 
Apache T ...)
-       - tomcat11 <unfixed>
-       - tomcat10 <unfixed>
+       - tomcat11 <unfixed> (bug #1141337)
+       - tomcat10 <unfixed> (bug #1141338)
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
        NOTE: 
https://github.com/apache/tomcat/commit/f844614c6d92eeb11e81e179606bf4c390f642dd
 (11.0.23)
@@ -3458,24 +3458,24 @@ CVE-2026-55276 (Always-Incorrect Control Flow 
Implementation vulnerability in Ap
        NOTE: 
https://github.com/apache/tomcat/commit/17daf80a738d66a8e6cad05c5e32c2db81500ce1
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/3ca8cae5fd3796b1bd9759e11b0e238161e7a39c
 (9.0.119)
 CVE-2026-53434 (Detection of Error Condition Without Action vulnerability in 
Apache To ...)
-       - tomcat11 <unfixed>
-       - tomcat10 <unfixed>
+       - tomcat11 <unfixed> (bug #1141337)
+       - tomcat10 <unfixed> (bug #1141338)
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
        NOTE: 
https://github.com/apache/tomcat/commit/7f8ecdbd930d8c5a7fae73aa0eec9124d919e2f5
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/feec60d6099727db6f911534f6a0f6926ebab070
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/c48ac39c27f4494f8c96b9d56a487253e362d276
 (9.0.119)
 CVE-2026-53404 (Always-Incorrect Control Flow Implementation vulnerability in 
Apache T ...)
-       - tomcat11 <unfixed>
-       - tomcat10 <unfixed>
+       - tomcat11 <unfixed> (bug #1141337)
+       - tomcat10 <unfixed> (bug #1141338)
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
        NOTE: 
https://github.com/apache/tomcat/commit/b647cb584cea8bf95e64f5d2526c59ab8fca3225
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/bbb6219fa5ac185060bef7842cee5fb90230ca00
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/fe06ae8a71997061596f54189dae1b1b5da75430
 (9.0.119)
 CVE-2026-50229 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       - tomcat11 <unfixed>
-       - tomcat10 <unfixed>
+       - tomcat11 <unfixed> (bug #1141337)
+       - tomcat10 <unfixed> (bug #1141338)
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
        NOTE: 
https://github.com/apache/tomcat/commit/1fe95d841e9d461a16069974142d12c3ef68819a
 (11.0.23)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9f02910f1c6bd7c05520394352f42a0969288e6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9f02910f1c6bd7c05520394352f42a0969288e6
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to