Fix CVE-2025-24813

Resolves: RHEL-82927 - tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
2025-04-14 07:30:22 +02:00 · 2025-04-14 07:30:22 +02:00 · 916ab516bb
commit 916ab516bb
parent d77a2c5118
3 changed files with 8 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 /tomcat-9.0.87.redhat-00005-src.zip
 /tomcat-9.0.87.redhat-00006-src.zip
+/tomcat-9.0.87.redhat-00008-src.zip
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (tomcat-9.0.87.redhat-00006-src.zip) = b4696cff161bc872ca420aed24f865f09820dadbde3a9c619138c4dc1a11c215d4d41dcd0c108a0d0b8c85dedf6c53fcbceb375a40f37f9a68a3c2a630d909cc
+SHA512 (tomcat-9.0.87.redhat-00008-src.zip) = 5863c033928427db91d1ecf92485641aa3de8d0bf38dd23293c6d86667da46df77b592342031f7caf915a52ed87a415a1d88937809a0b799a17b5901ceda03c2
--- a/tomcat9.spec
+++ b/tomcat9.spec
@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname tomcat-%{major_version}.%{minor_version}.%{micro_version}.redhat-00006-src
+%global packdname tomcat-%{major_version}.%{minor_version}.%{micro_version}.redhat-00008-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@ -53,7 +53,7 @@
 Name:          tomcat9
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       4%{?dist}
+Release:       5%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 License:       Apache-2.0
@ -622,6 +622,10 @@ fi
 %{appdir}/ROOT

 %changelog
+* Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
+- Resolves: RHEL-82927
+  tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
+
 * Thu Feb 13 2025 Joe Orton <jorton@redhat.com> - 1:9.0.87-4
 - add Obsoletes to aid upgrade path from tomcat-9.x
  Resolves: RHEL-79313