[Git][security-tracker-team/security-tracker][master] Add CVE-2024-50379/tomcat

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 17 20:49:46 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3ee8176 by Salvatore Bonaccorso at 2024-12-17T21:49:22+01:00
Add CVE-2024-50379/tomcat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32,7 +32,15 @@ CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink)
 CVE-2024-51479 (Next.js is a React framework for building full-stack web applications. ...)
 	TODO: check
 CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ...)
-	TODO: check
+	- tomcat10 10.1.34-1
+	[bookworm] - tomcat10 <no-dsa> (Minor issue)
+	- tomcat9 9.0.70-2
+	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
+	NOTE: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
+	NOTE: https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2 (10.1.34)
+	NOTE: https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f (10.1.34)
+	NOTE: https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00 (9.0.98)
+	NOTE: https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41 (9.0.98)
 CVE-2024-49820 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)
 	NOT-FOR-US: IBM
 CVE-2024-49819 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ee8176fce4dbc1fe448036f2e402986c5392f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ee8176fce4dbc1fe448036f2e402986c5392f7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241217/b8bdeab1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list