import OL tomcat-10.1.36-3.el10_1.1

2025-12-11 07:47:58 +00:00 · 2025-12-11 07:47:58 +00:00 · 0dcada2164
commit 0dcada2164
parent 7b2d3bd8e4
3 changed files with 28 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-tomcat-10.1.36.redhat-00007-src.zip
+tomcat-10.1.36.redhat-00018-src.zip
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (tomcat-10.1.36.redhat-00007-src.zip) = 2b40fad4c984278a4fa4e25e2ff9ac16866edf49f8b026531f491af1392f3e9315fde24c4fc07d4f4fe12f2ae8d1fa402bf3b4f02ce2a14f448d7076f4cdaa33
+SHA512 (tomcat-10.1.36.redhat-00018-src.zip) = d3ab283de966dbeaa4fec372c2e15347101fc6c435883fc14e443051afbe9cad6e044a8ffe8ac8acd096f4e00c94a25b423871eb7dc81e9d837cc23e7cc703fd
--- a/tomcat.spec
+++ b/tomcat.spec
@ -32,7 +32,7 @@
 %global major_version 10
 %global minor_version 1
 %global micro_version 36
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00007-src
+%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00018-src
 %global servletspec 6.0
 %global elspec 5.0
 %global tcuid 53
@ -54,7 +54,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       1%{?dist}
+Release:       3%{?dist}.1
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 License:       Apache-2.0
@ -543,6 +543,30 @@ exit 0
 %{appdir}/ROOT

 %changelog
+* Thu Nov 27 2025 Adam Krajcik <akrajcik@redhat.com> - 1:10.1.36-3.el10_1.1
+- Resolves: RHEL-124494
+  tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
+- Resolves: RHEL-91729
+  tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
+- Resolves: RHEL-132527
+  tomcat: Denial of service (CVE-2025-61795)
+
+* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:10.1.36-3
+- Resolves: RHEL-102184
+  tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
+- Resolves: RHEL-108906
+  tomcat: Denial of service (CVE-2025-52520)
+
+* Wed Aug 13 2025 Adam Krajcik <akrajcik@redhat.com> - 1:10.1.36-2
+- Resolves: RHEL-108900
+  tomcat: Apache  FileUpload DOS via part headers (CVE-2025-48976)
+- Resolves: RHEL-108902
+  tomcat: Dos in multipart upload (CVE-2025-48988)
+- Resolves: RHEL-108904
+  tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
+- Resolves: RHEL-108908
+  tomcat: Denial of service (CVE-2025-53506)
+
 * Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:10.1.36-1
 - Rebase tomcat to 10.1.36
 - Resolves: RHEL-82925