Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e9f02910 by Salvatore Bonaccorso at 2026-07-03T08:22:03+02:00
Add Debian bug references for tomcat issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3432,24 +3432,24 @@ CVE-2026-10648 (mcumgr_serial_process_frag() in
subsys/mgmt/mcumgr/transport/src
CVE-2026-10647 (The USB CDC-NCM device class
(subsys/usb/device_next/class/usbd_cdc_nc ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-55956 (Improper Authorization vulnerability in Apache Tomcat leads to
securit ...)
- - tomcat11 <unfixed>
- - tomcat10 <unfixed>
+ - tomcat11 <unfixed> (bug #1141337)
+ - tomcat10 <unfixed> (bug #1141338)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/3f6bd2ba5e53d1f340bbe5ad2d42a28b29440b7a
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/9c3b1efb74fd04f77639720af1d48a8f664ad9bb
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/a0374c450970760efafbd8806a1db278830ba7bd
(9.0.119)
CVE-2026-55955 (Improper Authentication vulnerability in Apache Tomcat allowed
a repla ...)
- - tomcat11 <unfixed>
- - tomcat10 <unfixed>
+ - tomcat11 <unfixed> (bug #1141337)
+ - tomcat10 <unfixed> (bug #1141338)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/5e594400c7f6ac0eaf2526bd64442a70f5ccaace
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/3a9ff01d2dfaca651edacbda3260e37b98b540d3
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/6a7a432cd7fb4ef358dc12e8da99cf3ab320f3fe
(9.0.119)
CVE-2026-55276 (Always-Incorrect Control Flow Implementation vulnerability in
Apache T ...)
- - tomcat11 <unfixed>
- - tomcat10 <unfixed>
+ - tomcat11 <unfixed> (bug #1141337)
+ - tomcat10 <unfixed> (bug #1141338)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/f844614c6d92eeb11e81e179606bf4c390f642dd
(11.0.23)
@@ -3458,24 +3458,24 @@ CVE-2026-55276 (Always-Incorrect Control Flow
Implementation vulnerability in Ap
NOTE:
https://github.com/apache/tomcat/commit/17daf80a738d66a8e6cad05c5e32c2db81500ce1
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/3ca8cae5fd3796b1bd9759e11b0e238161e7a39c
(9.0.119)
CVE-2026-53434 (Detection of Error Condition Without Action vulnerability in
Apache To ...)
- - tomcat11 <unfixed>
- - tomcat10 <unfixed>
+ - tomcat11 <unfixed> (bug #1141337)
+ - tomcat10 <unfixed> (bug #1141338)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/7f8ecdbd930d8c5a7fae73aa0eec9124d919e2f5
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/feec60d6099727db6f911534f6a0f6926ebab070
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/c48ac39c27f4494f8c96b9d56a487253e362d276
(9.0.119)
CVE-2026-53404 (Always-Incorrect Control Flow Implementation vulnerability in
Apache T ...)
- - tomcat11 <unfixed>
- - tomcat10 <unfixed>
+ - tomcat11 <unfixed> (bug #1141337)
+ - tomcat10 <unfixed> (bug #1141338)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/b647cb584cea8bf95e64f5d2526c59ab8fca3225
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/bbb6219fa5ac185060bef7842cee5fb90230ca00
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/fe06ae8a71997061596f54189dae1b1b5da75430
(9.0.119)
CVE-2026-50229 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- - tomcat11 <unfixed>
- - tomcat10 <unfixed>
+ - tomcat11 <unfixed> (bug #1141337)
+ - tomcat10 <unfixed> (bug #1141338)
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/1fe95d841e9d461a16069974142d12c3ef68819a
(11.0.23)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9f02910f1c6bd7c05520394352f42a0969288e6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9f02910f1c6bd7c05520394352f42a0969288e6
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits