[Git][security-tracker-team/security-tracker][master] Add CVE-2026-55957/tomcat

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 30 08:25:28 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dda32c4 by Salvatore Bonaccorso at 2026-06-30T09:25:17+02:00
Add CVE-2026-55957/tomcat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,16 @@ CVE-2026-56808 (DGM3103SCT provided by AVTECH Security Corporation contains an O
 CVE-2026-56137 (RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS ...)
 	TODO: check
 CVE-2026-55957 (Missing Critical Step in Authentication vulnerability in Apache Tomcat ...)
-	TODO: check
+	- tomcat11 11.0.5-1
+	[trixie] - tomcat11 11.0.15-1~deb13u1
+	- tomcat10 10.1.40-1
+	[trixie] - tomcat10 10.1.52-1~deb13u1
+	[bookworm] - tomcat10 10.1.52-1~deb12u1
+	- tomcat9 9.0.70-2
+	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
+	NOTE: https://github.com/apache/tomcat/commit/fd96ab415631eea44636c94f911dd38427070ef9 (11.0.5)
+	NOTE: https://github.com/apache/tomcat/commit/0cd21c0393b8811af22daddbba7b4e7328e2d79e (10.1.37)
+	NOTE: https://github.com/apache/tomcat/commit/c32bbd37ea9ee0aaab848af4ee1c9a76e84240ea (9.0.101)
 CVE-2026-54889 (Improper Neutralization of Input During Web Page Generation (XSS) vuln ...)
 	TODO: check
 CVE-2026-54888 (Uncontrolled Recursion vulnerability in leandrocp mdex allows denial o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dda32c426c0e5887a44b7c54f383065e60e9d7a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dda32c426c0e5887a44b7c54f383065e60e9d7a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/f25b817d/attachment.htm>


More information about the debian-security-tracker-commits mailing list