Overview

File _patchinfo of Package patchinfo.38578

<patchinfo incident="38578">
  <issue tracker="cve" id="2025-31650"/>
  <issue tracker="cve" id="2025-31651"/>
  <issue tracker="bnc" id="1242009">VUL-0: CVE-2025-31651: tomcat,tomcat10: Bypass of rules in Rewrite Valve</issue>
  <issue tracker="bnc" id="1242008">VUL-0: CVE-2025-31650: tomcat,tomcat10: DoS via malformed HTTP/2</issue>
  <packager>mbussolotto</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat</summary>
  <description>This update for tomcat fixes the following issues:

Update to Tomcat 9.0.104

- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
- CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)

Full changelog: 

https://tomcat.apache.org/tomcat-9.0-doc/changelog.htm
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places