[Git][security-tracker-team/security-tracker][master] Reference upstream commits for tomcat issue

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
921e3389 by Salvatore Bonaccorso at 2025-03-18T07:38:25+01:00
Reference upstream commits for tomcat issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1917,6 +1917,8 @@ CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Co
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 	NOTE: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
+	NOTE: Fixed by: https://github.com/apache/tomcat/commit/f6c01d6577cf9a1e06792be47e623d36acc3b5dc (10.1.35)
+	NOTE: Fixed by: https://github.com/apache/tomcat/commit/eb61aade8f8daccaecabf07d428b877975622f72 (9.0.99)
 CVE-2025-24387 (A vulnerability in OTRS Application Server allows session hijacking du ...)
 	NOT-FOR-US: OTRS
 	NOTE: Could possibly affect Znuny, we'll let their security team figure it out



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/921e3389948a126712436ca26a7cdbdb6d4cbacd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/921e3389948a126712436ca26a7cdbdb6d4cbacd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250318/c4527ed7/attachment.htm>