Public bug reported: The tomcat10 package for 24.04 is currently 11months old, and as a result has multiple high scoring CVE's available.
CVEs: CVE-2024-24549 CVE-2024-23672 CVE-2024-38286 CVE-2024-34750 Between versions 10.1.16 (current) and 10.1.25 (version currently available for 24.10) there have been a number of bug-fixes and enhancements that are also applicable. Sources: CVEs: https://tomcat.apache.org/security-10.html Current packages: https://launchpad.net/ubuntu/+source/tomcat10 Additional bugfixes and enhancments: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html ** Affects: tomcat10 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2086358 Title: Multiple CVE patches, bugfixes, and enhancements availble for 11month old LTS package. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat10/+bug/2086358/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs