[Git][security-tracker-team/security-tracker][master] new tomcat issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Oct 10 22:29:16 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
606bdb12 by Moritz Muehlenhoff at 2023-10-10T23:28:55+02:00
new tomcat issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,10 @@ CVE-2023-4837 (SmodBIP is vulnerable to Cross-Site Request Forgery, that could b
CVE-2023-4309 (Election Services Co. (ESC) Internet Election Service is vulnerable to ...)
NOT-FOR-US: Election Services Co. (ESC) Internet Election Service
CVE-2023-45648 (Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ...)
- TODO: check
+ - tomcat10 10.1.14-1
+ - tomcat9 <unfixed>
+ - tomcat8 <removed>
+ NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/10
CVE-2023-45601 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
NOT-FOR-US: Parasolid
CVE-2023-45226 (The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5 ...)
@@ -103,9 +106,15 @@ CVE-2023-43485 (When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ
CVE-2023-42796 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
NOT-FOR-US: Siemens
CVE-2023-42795 (Incomplete Cleanup vulnerability in Apache Tomcat.When recycling vario ...)
- TODO: check
+ - tomcat10 10.1.14-1
+ - tomcat9 <unfixed>
+ - tomcat8 <removed>
+ NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/9
CVE-2023-42794 (Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork ...)
- TODO: check
+ - tomcat10 <not-affected> (Windows-specific)
+ - tomcat9 <not-affected> (Windows-specific)
+ - tomcat8 <not-affected> (Windows-specific)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/8
CVE-2023-42788 (An improper neutralization of special elements used in an os command ( ...)
NOT-FOR-US: Fortinet
CVE-2023-42787 (A client-side enforcement of server-side security [CWE-602] vulnerabil ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -88,6 +88,10 @@ samba/oldstable
--
tiff (aron)
--
+tomcat10 (apo)
+--
+tomcat9 (apo)
+--
trafficserver
--
webkit2gtk
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/606bdb1210df32a43221a56e900a36e64befd5f8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/606bdb1210df32a43221a56e900a36e64befd5f8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231010/bddba69f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list