[Git][security-tracker-team/security-tracker][master] Add CVE-2025-46701/tomcat*
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 30 05:36:23 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d6d3f21 by Salvatore Bonaccorso at 2025-05-30T06:35:56+02:00
Add CVE-2025-46701/tomcat*
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,7 +59,18 @@ CVE-2025-46823 (openmrs-module-fhir2 provides the FHIR REST API and related serv
CVE-2025-46722 (vLLM is an inference and serving engine for large language models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ...)
- TODO: check
+ - tomcat11 <unfixed>
+ - tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ [bullseye] - tomcat9 <postponed> (Minor issue, unlikely access control bypass, fix along with next DLA)
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
+ NOTE: https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j
+ NOTE: https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2 (11.0.7)
+ NOTE: https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a (11.0.7)
+ NOTE: https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5 (10.1.41)
+ NOTE: https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558 (10.1.41)
+ NOTE: https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74 (9.0.105)
+ NOTE: https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605 (9.0.105)
CVE-2025-46570 (vLLM is an inference and serving engine for large language models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2025-46080 (HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit ...)
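Review bot: the `- tomcat9 9.0.70-2` line records a fixed version well below the upstream fix noted for the 9.x branch (9.0.105), and the only justification is the NOTE that src:tomcat9 "no longer ships the server stack". That NOTE does not say whether the affected code lives only in the server stack or also in whatever src:tomcat9 still builds from 9.0.70-2 onward. Suggest extending the NOTE to state this explicitly, so that a later reader does not take the entry for a backported patch. The same information would back up the "Minor issue" wording on the `[bullseye]` `<postponed>` line, which currently gives no pointer to why an access control bypass is considered unlikely.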
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6d3f210ea70e98d27aaa9fbe6df95e4cf575ba