diff --git a/.gitignore b/.gitignore index 6e4d38f..25fdd28 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ /tomcat-9.0.87.redhat-00005-src.zip /tomcat-9.0.87.redhat-00008-src.zip /tomcat-9.0.87.redhat-00010-src.zip +/tomcat-9.0.87.redhat-00011-src.zip diff --git a/sources b/sources index 7a0d3a5..4e080da 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (tomcat-9.0.87.redhat-00010-src.zip) = fd65e91c2fd11d48396692e0e88fbba8c2025ec35cbefb29b9b192c516af958ad357a1232e21abd262187d14add45b1441c34d3fa76ac40ba0866febbbfb341d +SHA512 (tomcat-9.0.87.redhat-00011-src.zip) = a5cd593edb6925ab9bc123faa2476815e61f31a3d22962149c041861bacfeba15fff77d3c56565e8283177fcdc84cf2d1b70b6a60732e9bab154f36cf438912a diff --git a/tomcat.spec b/tomcat.spec index ca0ef59..b7a5e31 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -32,7 +32,7 @@ %global major_version 9 %global minor_version 0 %global micro_version 87 -%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00010-src +%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00011-src %global servletspec 4.0 %global elspec 3.0 %global tcuid 53 @@ -56,7 +56,7 @@ Name: tomcat Epoch: 1 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 1%{?dist}.4 +Release: 1%{?dist}.5 Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API License: ASL 2.0 @@ -556,6 +556,20 @@ fi %changelog +* Tue Aug 12 2025 Adam Krajcik - 1:9.0.87-1.el8_10.5 +- Resolves: RHEL-108486 + tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976) +- Resolves: RHEL-108494 + tomcat: Dos in multipart upload (CVE-2025-48988) +- Resolves: RHEL-108502 + tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) +- Resolves: RHEL-108510 + tomcat: Denial of service (CVE-2025-52434) +- Resolves: RHEL-108524 + tomcat: Denial of service (CVE-2025-52520) +- Resolves: RHEL-108518 + tomcat: Denial of service (CVE-2025-53506) + * Mon May 26 2025 Adam Krajcik - 1:9.0.87-1.el8_10.4 - Resolves: RHEL-91761 tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)