[Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DSA-5521-1 tomcat10

Markus Koschany (@apo) apo at debian.org
Tue Oct 10 22:45:40 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ceefb87 by Markus Koschany at 2023-10-10T23:44:04+02:00
Reserve DSA-5521-1 tomcat10

- - - - -
a9d230fc by Markus Koschany at 2023-10-10T23:44:58+02:00
Reserve DSA-5522-1 tomcat9

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6831,9 +6831,7 @@ CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of service: remote at
 	NOT-FOR-US: Array AG OS
 CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
 	- tomcat10 10.1.13-1
-	[bookworm] - tomcat10 <postponed> (Minor issue, fix along with future update)
 	- tomcat9 9.0.70-2
-	[bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update)
 	[buster] - tomcat9 <postponed> (Minor issue; can be fixed later)
 	- tomcat8 <removed>
 	NOTE: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
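Review bot: The `[buster] - tomcat9 <postponed> (Minor issue; can be fixed later)` line stays in the CVE-2023-41080 entry while the bookworm and bullseye postponements are dropped. DSA-5522-1 in data/DSA/list covers only bullseye, so this looks intentional, but it is worth confirming that buster is meant to remain open here. The commit messages mention only reserving the DSA numbers; a word about clearing the `<postponed>` annotations would make the history easier to follow.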
@@ -28308,7 +28306,6 @@ CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a deserialization
 CVE-2023-28709 (The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2  ...)
 	[experimental] - tomcat10 10.1.8-1
 	- tomcat10 10.1.10-1
-	[bookworm] - tomcat10 <postponed> (Fix when more important issues arise)
 	- tomcat9 <not-affected> (Incomplete fix for CVE-2023-24998 not applied)
 	NOTE: https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc (10.1.8)
 	NOTE: https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861 (9.0.74)
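Review bot: The unchanged line `- tomcat9 <not-affected> (Incomplete fix for CVE-2023-24998 not applied)` in this CVE-2023-28709 entry conflicts with data/DSA/list, where DSA-5522-1 tomcat9 lists CVE-2023-28709 among the issues fixed in bullseye. As the entry stands, the tracker says tomcat9 is not affected while the DSA says it was fixed. Either qualify the tomcat9 status so it does not contradict the bullseye fix in 9.0.43-2~deb11u7, or drop CVE-2023-28709 from the DSA-5522-1 CVE set.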


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[10 Oct 2023] DSA-5522-1 tomcat9 - security update
+	{CVE-2023-28709 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648}
+	[bullseye] - tomcat9 9.0.43-2~deb11u7
+[10 Oct 2023] DSA-5521-1 tomcat10 - security update
+	{CVE-2023-28709 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648}
+	[bookworm] - tomcat10 10.1.6-1+deb12u1
 [10 Oct 2023] DSA-5520-1 mediawiki - security update
 	{CVE-2023-3550 CVE-2023-45360 CVE-2023-45362 CVE-2023-45363}
 	[bullseye] - mediawiki 1:1.35.13-1~deb11u1
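Review bot: Both new entries list CVE-2023-42795, CVE-2023-44487 and CVE-2023-45648, but the data/CVE/list hunks in this push touch only CVE-2023-41080 and CVE-2023-28709. Please check that the other three CVE entries carry no leftover bookworm or bullseye annotations for tomcat10 and tomcat9 (for example `<postponed>` or `<no-dsa>`) that would contradict the fixed versions given here.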


=====================================
data/dsa-needed.txt
=====================================
@@ -88,10 +88,6 @@ samba/oldstable
 --
 tiff (aron)
 --
-tomcat10 (apo)
---
-tomcat9 (apo)
---
 trafficserver
 --
 webkit2gtk



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6fde24493013142fb644cd33a60110c7aaccfb1a...a9d230fce15d918f248fef4d75a9faa6da02c12e
