Overview

File _patchinfo of Package patchinfo.38579

<patchinfo incident="38579">
  <issue tracker="cve" id="2025-31651"/>
  <issue tracker="cve" id="2025-31650"/>
  <issue tracker="bnc" id="1242008">VUL-0: CVE-2025-31650: tomcat,tomcat10: DoS via malformed HTTP/2</issue>
  <issue tracker="bnc" id="1242009">VUL-0: CVE-2025-31651: tomcat,tomcat10: Bypass of rules in Rewrite Valve</issue>
  <packager>mbussolotto</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat10</summary>
  <description>This update for tomcat10 fixes the following issues:

Update to Tomcat 10.1.40

- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
- CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)
  
Full changelog:

https://tomcat.apache.org/tomcat-10.1-doc/changelog.html
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places