Add CVE-2021-42340/tomcat9

author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-15 22:33:41 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-15 22:33:41 +0200
commit: 6a9e6a84e06cc407bf263a9b6a68713e908aa899 (patch)
tree: 1fecb42fb100e43c3be0fe1d8ac4b50dbeb098f8
parent: 522f3ab253f644e03bc81db6f79f0c328732f0f7 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 7ce53ff854..9c413fddc4 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -442,7 +442,12 @@ CVE-2021-3886
 CVE-2021-3885
 	RESERVED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
-	TODO: check
+	- tomcat9 <unfixed>
+	- tomcat8 <removed>
+	NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1
+	NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54)
+	NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72)
+	NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak.
 CVE-2021-3884
 	RESERVED
 CVE-2021-3883
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-15 22:33:41 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-15 22:33:41 +0200
commit	6a9e6a84e06cc407bf263a9b6a68713e908aa899 (patch)
tree	1fecb42fb100e43c3be0fe1d8ac4b50dbeb098f8
parent	522f3ab253f644e03bc81db6f79f0c328732f0f7 (diff)