Fix for CVE-2023-46589 in Jammy's tomcat9
Bug #2047933 reported by
Troels Arvin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tomcat9 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Jammy |
New
|
Undecided
|
Unassigned |
Bug Description
Ubuntu 22 Jammy lacks a fix for CVE-2023-46589 (CVE date: 2023-10-23, CVSS3 severity 7.5).
Debian writes they have fixed it by releasing tomcat9 v 9.0.70-2 for "sid" and "bookworm": https:/
(That's a bit surprising, since Debian's package 9.0.70-2 is from May of 2023.)
Ubuntu should release a tomcat9 with a fix for the vulnerability.
CVE References
To post a comment you must log in.
Please note that tomcat9 in Ubuntu Jammy is in universe and community supported. If you can contribute the fix, please see https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res