[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2021-42340,tomcat9 in buster as not-affected

Markus Koschany (@apo) apo at debian.org
Fri Nov 12 10:09:29 GMT 2021 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d3c740e by Markus Koschany at 2021-11-12T11:07:24+01:00
Mark CVE-2021-42340,tomcat9 in buster as not-affected

The vulnerable code was introduced later in version 9.0.40

- - - - -
4d938f0c by Markus Koschany at 2021-11-12T11:08:53+01:00
Reserve DSA-5009-1 for tomcat9

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4884,6 +4884,7 @@ CVE-2021-3885
 	RESERVED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
 	- tomcat9 9.0.54-1
+	[buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
 	- tomcat8 <removed>
 	[stretch] - tomcat8 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Nov 2021] DSA-5009-1 tomcat9 - security update
+	{CVE-2021-42340}
+	[bullseye] - tomcat9 9.0.43-2~deb11u3
 [11 Nov 2021] DSA-5008-1 node-tar - security update
 	{CVE-2021-37701 CVE-2021-37712}
 	[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u2


=====================================
data/dsa-needed.txt
=====================================
@@ -54,8 +54,6 @@ samba/oldstable (carnil)
 thunderbird (jmm)
   Rust toolchain updates needed
 --
-tomcat9 (apo)
---
 trafficserver (jmm)
   wait until status for CVE-2021-38161 is clarified (upstream patch got reverted)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2674be22d7391c8643f4982b806d615eca463740...4d938f0cd005f3b7ff57e8271ceb65eb0ae3d3a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2674be22d7391c8643f4982b806d615eca463740...4d938f0cd005f3b7ff57e8271ceb65eb0ae3d3a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211112/7dafce46/attachment.htm>

More information about the debian-security-tracker-commits mailing list