[Git][security-tracker-team/security-tracker][master] Reserve DLA-3031-1 for modsecurity-apache

Chris Lamb (@lamby) lamby at debian.org
Sat May 28 08:40:50 BST 2022



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e45b3ad by Chris Lamb at 2022-05-28T08:40:23+01:00
Reserve DLA-3031-1 for modsecurity-apache

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -41833,7 +41833,6 @@ CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON
 	[bullseye] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
 	[buster] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
 	- modsecurity-apache 2.9.5-1
-	[stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)
 	NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647
 	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
 	NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/41918335fa4c74fba46a986771a5a6cb457070c4 (v2.9.5)
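
Review bot: with the `[stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)` line dropped, the remaining `NOTE: Fixed by:` line still names only the upstream commit for v2.9.5, while data/DLA/list in this commit gives the stretch fix as 2.9.1-2+deb9u1. Consider a short NOTE saying the fix was backported for stretch, so a reader of this CVE entry does not have to infer it from the DLA list.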


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 May 2022] DLA-3031-1 modsecurity-apache - security update
+	{CVE-2021-42717}
+	[stretch] - modsecurity-apache 2.9.1-2+deb9u1
 [27 May 2022] DLA-3030-1 zipios++ - security update
 	{CVE-2019-13453}
 	[stretch] - zipios++ 0.1.5.9+cvs.2007.04.28-6+deb9u1
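
Review bot: the `[stretch] - modsecurity-apache 2.9.1-2+deb9u1` line in the new DLA-3031-1 entry is now the only place in this diff that states the stretch fixed version, since the `<postponed>` line under CVE-2021-42717 is removed from data/CVE/list. Check that the version string is exactly that of the upload; nothing in the CVE entry would show a mismatch.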


=====================================
data/dla-needed.txt
=====================================
@@ -145,9 +145,6 @@ mbedtls (Utkarsh)
   NOTE: 20220516: helf off upload to see if the other one should
   NOTE: 20220516: be squeezed in. waiting on -pu. (utkarsh)
 --
-modsecurity-apache (Chris Lamb)
-  NOTE: 20220524: Follow buster: harmonize with with DSA-5023-1 (1 CVE) (Beuc/front-desk)
---
 modsecurity-crs
   NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 and 10.11 (2 CVEs) (Beuc/front-desk)
 --
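
Review bot: style only, on the unchanged context around the removed modsecurity-apache entry: the surviving modsecurity-crs NOTE keeps the doubled "with with" and the mbedtls NOTE reads "helf off". Neither belongs to this change, but a follow-up cleanup would be cheap. The removed entry's "(1 CVE)" matches the single CVE listed for DLA-3031-1 in data/DLA/list.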



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e45b3adfe45f58ccb8617b66753e7b622dc8efc
