[Git][security-tracker-team/security-tracker][master] Reserve DLA-3160-1 for tomcat9

Markus Koschany (@apo) apo at debian.org
Wed Oct 26 13:12:39 BST 2022 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac3f2154 by Markus Koschany at 2022-10-26T14:12:27+02:00
Reserve DLA-3160-1 for tomcat9

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37006,7 +37006,6 @@ CVE-2022-29892 (Improper input validation vulnerability in Space of Cybozu Garoo
 CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1  ...)
 	- tomcat9 9.0.63-1
 	[bullseye] - tomcat9 <postponed> (Minor issue)
-	[buster] - tomcat9 <postponed> (Minor issue)
 	- tomcat8 <removed>
 	[stretch] - tomcat8 <postponed> (Minor issue)
 	NOTE: https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48 (9.0.63)
@@ -57943,7 +57942,6 @@ CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTT
 CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use  ...)
 	- tomcat9 9.0.58-1
 	[bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
-	[buster] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
 	- tomcat8 <removed>
 	[stretch] - tomcat8 <postponed> (Minor issue; local race condition)
 	NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Oct 2022] DLA-3160-1 tomcat9 - security update
+	{CVE-2021-43980 CVE-2022-23181 CVE-2022-29885}
+	[buster] - tomcat9 9.0.31-1~deb10u7
 [25 Oct 2022] DLA-3159-1 libbluray - bugfix update
 	[buster] - libbluray 1:1.1.0-1+deb10u1
 [24 Oct 2022] DLA-3158-1 wkhtmltopdf - security update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac3f2154bbf284e3e03a5e9f798e563bb29a50e5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac3f2154bbf284e3e03a5e9f798e563bb29a50e5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221026/fd2af21b/attachment.htm>

More information about the debian-security-tracker-commits mailing list