[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for tomcat issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 11 15:53:21 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37ef9348 by Salvatore Bonaccorso at 2025-07-11T16:52:56+02:00
Add Debian bug reference for tomcat issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -191,8 +191,8 @@ CVE-2025-53549 (The Matrix Rust SDK is a collection of libraries that make it ea
 CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection vulne ...)
 	NOT-FOR-US: Headlamp
 CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...)
-	- tomcat11 <unfixed>
-	- tomcat10 <unfixed>
+	- tomcat11 <unfixed> (bug #1109113)
+	- tomcat10 <unfixed> (bug #1109114)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 	NOTE: https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b (11.0.9)
@@ -214,8 +214,8 @@ CVE-2025-52837 (Trend Micro Password Manager (Consumer) version 5.8.0.1327 and b
 CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
 	NOT-FOR-US: Trend Micro
 CVE-2025-52520 (For some unlikely configurations of multipart upload, an Integer Overf ...)
-	- tomcat11 <unfixed>
-	- tomcat10 <unfixed>
+	- tomcat11 <unfixed> (bug #1109111)
+	- tomcat10 <unfixed> (bug #1109112)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 	NOTE: https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db (11.0.9)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37ef93480df837b68fdfa05b6c5d9217c1c8f8ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37ef93480df837b68fdfa05b6c5d9217c1c8f8ee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250711/2308600d/attachment.htm>

More information about the debian-security-tracker-commits mailing list