[Git][security-tracker-team/security-tracker][master] Reserve DSA-5845-1 for tomcat10

Markus Koschany (@apo) apo at debian.org
Fri Jan 17 16:08:58 GMT 2025



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
343d4e83 by Markus Koschany at 2025-01-17T17:08:20+01:00
Reserve DSA-5845-1 for tomcat10

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8255,7 +8255,6 @@ CVE-2024-56348 (In JetBrains TeamCity before 2024.12 improper access control all
 CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...)
 	{DLA-4017-1}
 	- tomcat10 10.1.34-1
-	[bookworm] - tomcat10 <no-dsa> (Minor issue)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 	NOTE: https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp
@@ -8885,7 +8884,6 @@ CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore Man
 	NOT-FOR-US: 1000projects Bookstore Management System PHP MySQL Project
 CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the examples web ap ...)
 	- tomcat10 10.1.34-1
-	[bookworm] - tomcat10 <no-dsa> (Minor issue)
 	- tomcat9 9.0.70-2
 	[bullseye] - tomcat9 <ignored> (Minor issue)
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
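Review bot: CVE-2024-54677 has no {...} reference line in the visible context, unlike the neighbouring tomcat entries that carry {DLA-4017-1}. Once the "[bookworm] - tomcat10 <no-dsa>" line is removed, nothing in this entry ties bookworm to a fix. The new DSA-5845-1 entry in data/DSA/list names this CVE, so confirm that a {DSA-5845-1} cross-reference ends up on this entry (and on the other five). Until it does, the only tomcat10 version recorded here is 10.1.34-1, not the bookworm upload.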
@@ -8918,7 +8916,6 @@ CVE-2024-51479 (Next.js is a React framework for building full-stack web applica
 CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ...)
 	{DLA-4017-1}
 	- tomcat10 10.1.34-1
-	[bookworm] - tomcat10 <no-dsa> (Minor issue)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 	NOTE: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
@@ -17510,7 +17507,6 @@ CVE-2024-52317 (Incorrect object re-cycling and re-use vulnerability in Apache T
 CVE-2024-52316 (Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ...)
 	{DLA-4017-1}
 	- tomcat10 10.1.31-1
-	[bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)
 	- tomcat9 9.0.70-2
 	NOTE: https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
 	NOTE: https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369 (10.1.31)
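Review bot: The hunk header shows CVE-2024-52317, also an Apache Tomcat issue, sitting directly above this entry, but it is not in the brace list of DSA-5845-1 and its lines are untouched here. Please confirm that its bookworm status for tomcat10 is deliberately left as is rather than overlooked while the adjacent CVE-2024-52316 annotation was dropped.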
@@ -52757,7 +52753,6 @@ CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2024-38286 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	{DLA-4017-1}
 	- tomcat10 10.1.25-1
-	[bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)
 	- tomcat9 9.0.70-2
 	NOTE: https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
 	NOTE: https://github.com/apache/tomcat/commit/3344c17cef094da4bb616f4186ed32039627b543 (10.1.25)
@@ -52765,7 +52760,6 @@ CVE-2024-38286 (Allocation of Resources Without Limits or Throttling vulnerabili
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...)
 	- tomcat10 10.1.25-1
-	[bookworm] - tomcat10 <postponed> (Minor issue, fixed along in next DSA)
 	- tomcat9 9.0.70-2
 	[bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)
 	NOTE: https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l
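Review bot: After this change the remaining "[bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)" line is the only per-release annotation left on CVE-2024-34750, and the entry shows no {DLA-4017-1} tag in the visible context while CVE-2024-38286 just above does. If the bullseye tomcat9 fix is already tracked elsewhere, this line should be updated in a follow-up. If not, it is fine to leave, but the "next DSA" wording will read as resolved by DSA-5845-1, which covers tomcat10 on bookworm only.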


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Jan 2025] DSA-5845-1 tomcat10 - security update
+	{CVE-2024-34750 CVE-2024-38286 CVE-2024-50379 CVE-2024-52316 CVE-2024-54677 CVE-2024-56337}
+	[bookworm] - tomcat10 10.1.34-0+deb12u1
 [16 Jan 2025] DSA-5843-2 rsync - regression update
 	[bookworm] - rsync 3.2.7-1+deb12u2
 [15 Jan 2025] DSA-5844-1 chromium - security update
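Review bot: Three of the six CVEs in the brace list (CVE-2024-50379, CVE-2024-54677, CVE-2024-56337) were triaged "<no-dsa> (Minor issue)" for bookworm until this commit, and the message "Reserve DSA-5845-1 for tomcat10" does not say they are being folded into the advisory. A short line in the commit message would make that triage change traceable. The list itself matches the six entries edited in data/CVE/list, and 10.1.34-0+deb12u1 is at or above every upstream version named in those entries (10.1.25, 10.1.31, 10.1.34).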



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/343d4e831e3d5f01b0ae8a964332296247593555
