Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3d3c740e by Markus Koschany at 2021-11-12T11:07:24+01:00
Mark CVE-2021-42340,tomcat9 in buster as not-affected
The vulnerable code was introduced later in version 9.0.40
- - - - -
4d938f0c by Markus Koschany at 2021-11-12T11:08:53+01:00
Reserve DSA-5009-1 for tomcat9
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4884,6 +4884,7 @@ CVE-2021-3885
RESERVED
CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to
10.1.0-M5, ...)
- tomcat9 9.0.54-1
+ [buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
- tomcat8 <removed>
[stretch] - tomcat8 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Nov 2021] DSA-5009-1 tomcat9 - security update
+ {CVE-2021-42340}
+ [bullseye] - tomcat9 9.0.43-2~deb11u3
[11 Nov 2021] DSA-5008-1 node-tar - security update
{CVE-2021-37701 CVE-2021-37712}
[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u2
=====================================
data/dsa-needed.txt
=====================================
@@ -54,8 +54,6 @@ samba/oldstable (carnil)
thunderbird (jmm)
Rust toolchain updates needed
--
-tomcat9 (apo)
---
trafficserver (jmm)
wait until status for CVE-2021-38161 is clarified (upstream patch got
reverted)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2674be22d7391c8643f4982b806d615eca463740...4d938f0cd005f3b7ff57e8271ceb65eb0ae3d3a0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2674be22d7391c8643f4982b806d615eca463740...4d938f0cd005f3b7ff57e8271ceb65eb0ae3d3a0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
