Add CVE-2021-42340/tomcat9

author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-15 22:33:41 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-15 22:33:41 +0200
commit: f79a97898b729d7b5539d3398de16a9d43097be7 (patch)
tree: 023973b79229e64cd89d6340d9c1f9448b30a187
parent: 72fdb20cbfb8acd1625b5fcf312466828cad47dc (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 0b0b28bbf0..eb8e4fbf1d 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1462,7 +1462,12 @@ CVE-2021-3886
 CVE-2021-3885
 	RESERVED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
-	TODO: check
+	- tomcat9 <unfixed>
+	- tomcat8 <removed>
+	NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1
+	NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54)
+	NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72)
+	NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak.
 CVE-2021-3884
 	RESERVED
 CVE-2021-3883
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-15 22:33:41 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-15 22:33:41 +0200
commit	f79a97898b729d7b5539d3398de16a9d43097be7 (patch)
tree	023973b79229e64cd89d6340d9c1f9448b30a187
parent	72fdb20cbfb8acd1625b5fcf312466828cad47dc (diff)