Overview

File _patchinfo of Package patchinfo.40276

<patchinfo incident="40276">
  <issue tracker="cve" id="2025-49125"/>
  <issue tracker="cve" id="2025-53506"/>
  <issue tracker="cve" id="2025-52520"/>
  <issue tracker="bnc" id="1246388">VUL-0: CVE-2025-52520: tomcat,tomcat10,tomcat11,tomcat6: integer overflow can lead to DoS for some unlikely configurations of multipart upload</issue>
  <issue tracker="bnc" id="1246318">VUL-0: CVE-2025-53506: tomcat,tomcat10,tomcat11: uncontrolled resource HTTP/2 client consumption vulnerability</issue>
  <packager>mbussolotto</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat10</summary>
  <description>This update for tomcat10 fixes the following issues:

Updated to Tomcat 10.1.43i:
- CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388)
- CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318)

Other:
- Correct a regression in the fix for CVE-2025-49125 that
  prevented access to PreResources and PostResources when mounted below the
  web application root with a path that was terminated with a file
  separator.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places