From 5a7dde43b21f937ac43dd557726a1375bc903d55 Mon Sep 17 00:00:00 2001
From: Jacob Wang <jacob.wang@openanolis.org>
Date: Wed, 9 Apr 2025 16:37:36 +0800
Subject: [PATCH] [CVE]update to tomcat-9.0.87-1.3

to #IBZRLW

update to tomcat-9.0.87-1.3 for CVE-2024-50379 CVE-2025-24813

Project: TC2024080204
Signed-off-by: Jacob Wang <jacob.wang@openanolis.org>
---
 download    |  2 +-
 tomcat.spec | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/download b/download
index 784de01..76b5b5a 100644
--- a/download
+++ b/download
@@ -1 +1 @@
-959938cb02d1b1267141c6acd390aedb  tomcat-9.0.87.redhat-00005-src.zip
+18a2957ed318b2c569d38376dbc893c8  tomcat-9.0.87.redhat-00008-src.zip
diff --git a/tomcat.spec b/tomcat.spec
index 3e34334..7e9ee92 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00005-src
+%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00008-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@@ -56,7 +56,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       1%{?dist}.2
+Release:       1%{?dist}.3
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 License:       ASL 2.0
@@ -556,6 +556,12 @@ fi
 
 
 %changelog
+* Wed Apr 02 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.3
+- Resolves: RHEL-82934
+  tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
+- Resolves: RHEL-71708
+  tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
+
 * Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.2
 - Resolves: RHEL-46167
   tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
-- 
Gitee