[Git][security-tracker-team/security-tracker][master] Add CVE-2024-34750/tomcat

Thu Jul 4 08:13:35 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b88ee6a1 by Salvatore Bonaccorso at 2024-07-04T09:13:11+02:00
Add CVE-2024-34750/tomcat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,7 +60,12 @@ CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
 	NOT-FOR-US: Discourse
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...)
-	TODO: check
+	- tomcat10 10.1.25-1
+	- tomcat9 9.0.70-2
+	NOTE: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
+	NOTE: https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3 (10.1.25)
+	NOTE: https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f (9.0.90)
+	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 CVE-2024-32937 (An os command injection vulnerability exists in the CWMP SelfDefinedTi ...)
 	NOT-FOR-US: Grandstream GXP2135
 CVE-2024-31223 (Fides is an open-source privacy engineering platform, and `SERVER_SIDE ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b88ee6a1a0b9d602d05e7e654a5a157dc976dd7d

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b88ee6a1a0b9d602d05e7e654a5a157dc976dd7d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240704/3ce2599f/attachment.htm>
