[Git][security-tracker-team/security-tracker][master] Add CVE-2024-38286/tomcat

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
559fd7ca by Salvatore Bonaccorso at 2024-09-23T22:44:23+02:00
Add CVE-2024-38286/tomcat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18866,6 +18866,15 @@ CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to versio
 	NOT-FOR-US: Discourse
 CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
 	NOT-FOR-US: Discourse
+CVE-2024-38286
+	- tomcat10 10.1.25-1
+	[bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)
+	- tomcat9 9.0.70-2
+	[bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)
+	NOTE: https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
+	NOTE: https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543 (10.1.25)
+	NOTE: https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13 (9.0.90)
+	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...)
 	- tomcat10 10.1.25-1
 	[bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/559fd7ca8c928581a3a234c8901a018db7e53bca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/559fd7ca8c928581a3a234c8901a018db7e53bca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240923/a0f7e982/attachment.htm>