[Git][security-tracker-team/security-tracker][master] Add CVE-2025-24813/tomcat

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 10 21:02:00 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5424ac79 by Salvatore Bonaccorso at 2025-03-10T22:01:36+01:00
Add CVE-2025-24813/tomcat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66,7 +66,10 @@ CVE-2025-25382 (An issue in the Property Tax Payment Portal in Information Keral
 CVE-2025-25306 (Misskey is an open source, federated social media platform. The patch  ...)
 	NOT-FOR-US: Misskey
 CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Code Exe ...)
-	TODO: check
+	- tomcat10 10.1.35-1
+	- tomcat9 9.0.70-2
+	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
+	NOTE: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
 CVE-2025-24387 (A vulnerability in OTRS Application Server allows session hijacking du ...)
 	TODO: check
 CVE-2025-22603 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
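Review bot: The `- tomcat9 9.0.70-2` line records a packaging change as the fixed version, and the NOTE that explains it does not say whether what src:tomcat9 still ships from 9.0.70-2 onward is itself unaffected. Suggest extending that NOTE to state this explicitly. Also consider adding a NOTE with the upstream fix commit or the upstream fixed version, so the `- tomcat10 10.1.35-1` entry can be checked against something more specific than the announcement thread.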



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5424ac7971c07110f3e77e597ccc47249ac762ae
