[Git][security-tracker-team/security-tracker][master] Add CVE-2025-55668/tomcat
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 13 21:38:27 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac9f9874 by Salvatore Bonaccorso at 2025-08-13T22:38:01+02:00
Add CVE-2025-55668/tomcat
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,7 +61,14 @@ CVE-2025-6186 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2025-5819 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
CVE-2025-55668 (Session Fixation vulnerability in Apache Tomcat via rewrite valve. Th ...)
- TODO: check
+ - tomcat11 <unfixed>
+ - tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
+ NOTE: https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47
+ NOTE: https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21 (11.0.8)
+ NOTE: https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6 (10.1.42)
+ NOTE: https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95 (9.0.106)
CVE-2025-55345 (Using Codex CLI in workspace-write mode inside a malicious context (re ...)
TODO: check
CVE-2025-55280 (This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi crede ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac9f98745e4d204e47bdf7a42e85113e9678dbe3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac9f98745e4d204e47bdf7a42e85113e9678dbe3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250813/1e0914dd/attachment.htm>
More information about the debian-security-tracker-commits
mailing list