Mark CVE-2021-42340,tomcat9 in buster as not-affected

The vulnerable code was introduced later in version 9.0.40
author: Markus Koschany <apo@debian.org> 2021-11-12 11:07:24 +0100
committer: Markus Koschany <apo@debian.org> 2021-11-12 11:07:24 +0100
commit: 3d3c740e9881dc53c67c5f97cd56e9be72e26ea5 (patch)
tree: 17aeeb6ce7e345f6947a6054af318aa2269d0b38
parent: 2674be22d7391c8643f4982b806d615eca463740 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 9e55ed3995..bbc6874376 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4884,6 +4884,7 @@ CVE-2021-3885
 	RESERVED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
 	- tomcat9 9.0.54-1
+	[buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
 	- tomcat8 <removed>
 	[stretch] - tomcat8 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1
author	Markus Koschany <apo@debian.org>	2021-11-12 11:07:24 +0100
committer	Markus Koschany <apo@debian.org>	2021-11-12 11:07:24 +0100
commit	3d3c740e9881dc53c67c5f97cd56e9be72e26ea5 (patch)
tree	17aeeb6ce7e345f6947a6054af318aa2269d0b38
parent	2674be22d7391c8643f4982b806d615eca463740 (diff)