[Git][security-tracker-team/security-tracker][master] Reserve DLA-3617-1 for tomcat9

Markus Koschany (@apo) apo at debian.org
Fri Oct 13 14:55:56 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e22f6593 by Markus Koschany at 2023-10-13T15:55:42+02:00
Reserve DLA-3617-1 for tomcat9

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7325,7 +7325,6 @@ CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
 	{DSA-5522-1 DSA-5521-1}
 	- tomcat10 10.1.13-1
 	- tomcat9 9.0.70-2
-	[buster] - tomcat9 <postponed> (Minor issue; can be fixed later)
 	- tomcat8 <removed>
 	NOTE: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
 	NOTE: https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27 (10.1.13)
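Review bot: Once the `[buster] - tomcat9 <postponed>` line is removed, this CVE-2023-41080 entry carries no buster line for tomcat9, and the unchanged context line `{DSA-5522-1 DSA-5521-1}` does not mention DLA-3617-1. The buster status then rests only on the new data/DLA/list entry, which does list this CVE. Please confirm the DLA cross-reference ends up on this entry as well, so a reader of data/CVE/list can see where the buster fix comes from.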
@@ -40230,7 +40229,6 @@ CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number o
 	- tomcat10 10.1.5-1
 	- tomcat9 9.0.70-2
 	[bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update)
-	[buster] - tomcat9 <no-dsa> (Minor issue)
 	- libcommons-fileupload-java 1.4-2 (bug #1031733)
 	[bullseye] - libcommons-fileupload-java <no-dsa> (Minor issue)
 	[buster] - libcommons-fileupload-java <no-dsa> (Minor issue)
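Review bot: Dropping `[buster] - tomcat9 <no-dsa> (Minor issue)` leaves `[buster] - libcommons-fileupload-java <no-dsa> (Minor issue)` in place for the same CVE-2023-24998. If tomcat9 in buster is now being fixed for this issue, please confirm that keeping the standalone library at no-dsa in buster is still the intended triage, or add a NOTE explaining why the two packages differ. The `[bullseye] - tomcat9 <postponed>` line also stays, so buster would be fixed ahead of bullseye here, which is worth stating in the advisory text.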


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Oct 2023] DLA-3617-1 tomcat9 - security update
+	{CVE-2023-24998 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648}
+	[buster] - tomcat9 9.0.31-1~deb10u9
 [12 Oct 2023] DLA-3616-1 org-mode - security update
 	{CVE-2023-28617}
 	[buster] - org-mode 9.1.14+dfsg-3+deb10u1
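Review bot: The CVE set on the added DLA-3617-1 entry names five CVEs, but the data/CVE/list hunks in this commit remove buster triage lines for only two of them (CVE-2023-24998 and CVE-2023-41080). Please confirm that CVE-2023-42795, CVE-2023-44487 and CVE-2023-45648 have no `[buster] - tomcat9` no-dsa or postponed line left that would conflict with the fixed version `9.0.31-1~deb10u9` recorded here.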


=====================================
data/dla-needed.txt
=====================================
@@ -228,9 +228,6 @@ suricata (Adrian Bunk)
   NOTE: 20230714: Still reviewing+testing CVEs. (bunk)
   NOTE: 20230731: Still reviewing+testing CVEs. (bunk)
 --
-tomcat9 (apo)
-  NOTE: 20231010: Added by Front-Desk (ta)
---
 trafficserver
   NOTE: 20231011: Added by Front-Desk (ta)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e22f6593983254826e85d54c9676fccaab0806cf
