[Git][security-tracker-team/security-tracker][master] Add CVE-2024-52317/tomcat

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0f0a6f0 by Salvatore Bonaccorso at 2024-11-18T22:08:55+01:00
Add CVE-2024-52317/tomcat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64,7 +64,12 @@ CVE-2024-52419 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2024-52318 (Incorrect object recycling and reuse vulnerability in Apache Tomcat.   ...)
 	TODO: check
 CVE-2024-52317 (Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. ...)
-	TODO: check
+	- tomcat10 10.1.31-1
+	[bookworm] - tomcat10 <not-affected> (Vulnerable code not present)
+	- tomcat9 <not-affected> (Vulnerable code not present, introduced in 9.0.92)
+	NOTE: https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs
+	NOTE: https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b (10.1.31)
+	NOTE: https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a (9.0.96)
 CVE-2024-52316 (Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ...)
 	- tomcat10 10.1.31-1
 	[bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0f0a6f08e375b7c967f3f232377ea5c842aa3b0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0f0a6f08e375b7c967f3f232377ea5c842aa3b0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241118/b7ea72d3/attachment-0001.htm>