From 4b7ae8c6a032be20ec6b09e6edc167632420b614 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 15 Oct 2021 22:33:41 +0200
Subject: Add CVE-2021-42340/tomcat9

---
 data/CVE/2021.list | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 7ce53ff854..9c413fddc4 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -442,7 +442,12 @@ CVE-2021-3886
 CVE-2021-3885
 	RESERVED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
-	TODO: check
+	- tomcat9 <unfixed>
+	- tomcat8 <removed>
+	NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1
+	NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54)
+	NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72)
+	NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak.
 CVE-2021-3884
 	RESERVED
 CVE-2021-3883
-- 
cgit v1.2.3