[Git][security-tracker-team/security-tracker][master] Reserve DLA-3283-1 for modsecurity-apache

Tobias Frost (@tobi) tobi at debian.org
Thu Jan 26 18:32:23 GMT 2023 


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a96eb0b6 by Tobias Frost at 2023-01-26T19:32:10+01:00
Reserve DLA-3283-1 for modsecurity-apache

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Jan 2023] DLA-3283-1 modsecurity-apache - security update
+	{CVE-2022-48279 CVE-2023-24021}
+	[buster] - modsecurity-apache 2.9.3-1+deb10u2
 [26 Jan 2023] DLA-3282-1 git - security update
 	{CVE-2022-23521 CVE-2022-41903}
 	[buster] - git 1:2.20.1-2+deb10u7


=====================================
data/dla-needed.txt
=====================================
@@ -161,16 +161,6 @@ man2html
   NOTE: 20221004: It looks like not patch is available.
   NOTE: 20221004: Please evalulate, whether the issue can be marked as <ignored>.
 --
-modsecurity-apache (Tobias Frost)
-  NOTE: 20230120: From IRC:
-  NOTE: 20230120: <tobi>: a backport in modsecurity(-apache) is needed as well [...]
-  NOTE: 20230120: this is in reference to fixing the CVE is in modsecurity-crs.
-  NOTE: 20230120: Requested two CVEs for modecurity-apache (tobi)
-  NOTE: 20230120: 1) for https://github.com/SpiderLabs/ModSecurity/pull/2857 (WAF bypass vulnerabilty)
-  NOTE: 20230120: 2) for https://github.com/SpiderLabs/ModSecurity/pull/2797 (the counterpart of CVE 2022-39956)
-  NOTE: 20230123: Programming language: C
-  NOTE: 20230123: VCS: https://salsa.debian.org/lts-team/packages/modsecurity-apache.git
---
 modsecurity-crs (Tobias Frost)
   NOTE: 20221006: Programming language: Other.
   NOTE: 20221006: Maintainer notes: Please contact maintainer. Consider uploading of newer version.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a96eb0b6254988ec892cbcef597dddbc7c1d000b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a96eb0b6254988ec892cbcef597dddbc7c1d000b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230126/30fd8d04/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list