Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fc11f77e by Salvatore Bonaccorso at 2026-06-30T09:01:43+02:00
Add new tomcat9 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,53 @@
CVE-2026-55956
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/3f6bd2ba5e53d1f340bbe5ad2d42a28b29440b7a
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/9c3b1efb74fd04f77639720af1d48a8f664ad9bb
(10.1.56)
+ NOTE:
https://github.com/apache/tomcat/commit/a0374c450970760efafbd8806a1db278830ba7bd
(9.0.119)
CVE-2026-55955
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/5e594400c7f6ac0eaf2526bd64442a70f5ccaace
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/3a9ff01d2dfaca651edacbda3260e37b98b540d3
(10.1.56)
+ NOTE:
https://github.com/apache/tomcat/commit/6a7a432cd7fb4ef358dc12e8da99cf3ab320f3fe
(9.0.119)
CVE-2026-55276
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/f844614c6d92eeb11e81e179606bf4c390f642dd
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/e391c6b201eae2ad9707a1335aff68ab8b3e0f84
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/25677f90fd721c26ef0f613d34ef8275b1aafc31
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/17daf80a738d66a8e6cad05c5e32c2db81500ce1
(10.1.56)
+ NOTE:
https://github.com/apache/tomcat/commit/3ca8cae5fd3796b1bd9759e11b0e238161e7a39c
(9.0.119)
CVE-2026-53434
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/7f8ecdbd930d8c5a7fae73aa0eec9124d919e2f5
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/feec60d6099727db6f911534f6a0f6926ebab070
(10.1.56)
+ NOTE:
https://github.com/apache/tomcat/commit/c48ac39c27f4494f8c96b9d56a487253e362d276
(9.0.119)
CVE-2026-53404
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/b647cb584cea8bf95e64f5d2526c59ab8fca3225
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/bbb6219fa5ac185060bef7842cee5fb90230ca00
(10.1.56)
+ NOTE:
https://github.com/apache/tomcat/commit/fe06ae8a71997061596f54189dae1b1b5da75430
(9.0.119)
CVE-2026-50229
- tomcat11 <unfixed>
- tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE:
https://github.com/apache/tomcat/commit/1fe95d841e9d461a16069974142d12c3ef68819a
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/0d5bdd5b0dd964e9f73e530b7d753462b9bfd1d0
(10.1.56)
+ NOTE:
https://github.com/apache/tomcat/commit/de5a950415fc67713f17fab63d0c7809e0fca80b
(9.0.119)
CVE-2026-13758
- libcryptx-perl 0.089-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41398101/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc11f77e0b27bf81f7ce8f7497fa572bfb3b02f5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc11f77e0b27bf81f7ce8f7497fa572bfb3b02f5
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits