CVE-2023-46589 (https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr): Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41e79b6cbfc1c5cecca19531d6af0bead808b71f

commit 41e79b6cbfc1c5cecca19531d6af0bead808b71f
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2023-11-28 19:21:55 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2023-11-28 19:21:55 +0000

    www-servers/tomcat: dropped obsolete 8.5.95-r1, 9.0.82 & 10.1.15 (security)

    Bug: https://bugs.gentoo.org/918696
    Bug: https://bugs.gentoo.org/918700
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 www-servers/tomcat/Manifest | 7 --
 www-servers/tomcat/tomcat-10.1.15.ebuild | 181 -----------------------------
 www-servers/tomcat/tomcat-8.5.95-r1.ebuild | 157 -------------------------
 www-servers/tomcat/tomcat-9.0.82.ebuild | 180 ----------------------------
 4 files changed, 525 deletions(-)
The tree is clean now, you can proceed.