[Git][security-tracker-team/security-tracker][master] Add new tomcat9 issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 30 08:02:19 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc11f77e by Salvatore Bonaccorso at 2026-06-30T09:01:43+02:00
Add new tomcat9 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,53 @@
CVE-2026-55956
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
NOTE: https://github.com/apache/tomcat/commit/3f6bd2ba5e53d1f340bbe5ad2d42a28b29440b7a (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/9c3b1efb74fd04f77639720af1d48a8f664ad9bb (10.1.56)
+ NOTE: https://github.com/apache/tomcat/commit/a0374c450970760efafbd8806a1db278830ba7bd (9.0.119)
CVE-2026-55955
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
NOTE: https://github.com/apache/tomcat/commit/5e594400c7f6ac0eaf2526bd64442a70f5ccaace (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/3a9ff01d2dfaca651edacbda3260e37b98b540d3 (10.1.56)
+ NOTE: https://github.com/apache/tomcat/commit/6a7a432cd7fb4ef358dc12e8da99cf3ab320f3fe (9.0.119)
CVE-2026-55276
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
NOTE: https://github.com/apache/tomcat/commit/f844614c6d92eeb11e81e179606bf4c390f642dd (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/e391c6b201eae2ad9707a1335aff68ab8b3e0f84 (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/25677f90fd721c26ef0f613d34ef8275b1aafc31 (10.1.56)
NOTE: https://github.com/apache/tomcat/commit/17daf80a738d66a8e6cad05c5e32c2db81500ce1 (10.1.56)
+ NOTE: https://github.com/apache/tomcat/commit/3ca8cae5fd3796b1bd9759e11b0e238161e7a39c (9.0.119)
CVE-2026-53434
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
NOTE: https://github.com/apache/tomcat/commit/7f8ecdbd930d8c5a7fae73aa0eec9124d919e2f5 (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/feec60d6099727db6f911534f6a0f6926ebab070 (10.1.56)
+ NOTE: https://github.com/apache/tomcat/commit/c48ac39c27f4494f8c96b9d56a487253e362d276 (9.0.119)
CVE-2026-53404
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
NOTE: https://github.com/apache/tomcat/commit/b647cb584cea8bf95e64f5d2526c59ab8fca3225 (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/bbb6219fa5ac185060bef7842cee5fb90230ca00 (10.1.56)
+ NOTE: https://github.com/apache/tomcat/commit/fe06ae8a71997061596f54189dae1b1b5da75430 (9.0.119)
CVE-2026-50229
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
NOTE: https://github.com/apache/tomcat/commit/1fe95d841e9d461a16069974142d12c3ef68819a (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/0d5bdd5b0dd964e9f73e530b7d753462b9bfd1d0 (10.1.56)
+ NOTE: https://github.com/apache/tomcat/commit/de5a950415fc67713f17fab63d0c7809e0fca80b (9.0.119)
CVE-2026-13758
- libcryptx-perl 0.089-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41398101/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc11f77e0b27bf81f7ce8f7497fa572bfb3b02f5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc11f77e0b27bf81f7ce8f7497fa572bfb3b02f5
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/04f91cc8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list