[Git][security-tracker-team/security-tracker][master] Reserve DLA-4294-1 for modsecurity-apache
Adrian Bunk (@bunk)
bunk at debian.org
Sun Sep 7 13:20:02 BST 2025
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a08d713 by Adrian Bunk at 2025-09-07T15:19:47+03:00
Reserve DLA-4294-1 for modsecurity-apache
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -10093,7 +10093,6 @@ CVE-2025-54571 (ModSecurity is an open source, cross platform web application fi
- modsecurity-apache 2.9.12-2 (bug #1110480)
[trixie] - modsecurity-apache <no-dsa> (Minor issue; will be fixed via point release)
[bookworm] - modsecurity-apache <no-dsa> (Minor issue; will be fixed via point release)
- [bullseye] - modsecurity-apache <postponed> (Minor issue)
NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v
NOTE: https://github.com/owasp-modsecurity/ModSecurity/issues/2514
NOTE: Fixed by: https://github.com/owasp-modsecurity/ModSecurity/commit/dfbde557acc41d858dbe04d4b6eaec64478347ff (v2.9.12)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Sep 2025] DLA-4294-1 modsecurity-apache - security update
+ {CVE-2025-54571}
+ [bullseye] - modsecurity-apache 2.9.3-3+deb11u5
[06 Sep 2025] DLA-4293-1 wireless-regdb - security update
[bullseye] - wireless-regdb 2025.07.10-1~deb11u1
[04 Sep 2025] DLA-4292-1 clamav - security update
=====================================
data/dla-needed.txt
=====================================
@@ -255,10 +255,6 @@ mimetex
NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 (dleidert)
NOTE: 20250629: Best course of action seems to be some kind of mitigation similar to https://moodle.org/mod/forum/discuss.php?d=467592 (dleidert)
--
-modsecurity-apache (bunk)
- NOTE: 20250822: Added by Front-Desk (dleidert)
- NOTE: 20250822: maintainers are going to prepare PUs for Trixie and Bookworm (#1110480); follow-up with fix for LTS (dleidert)
---
nagvis
NOTE: 20250117: Added by Front-Desk (rouca)
NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a08d713c6b270182069dbb7370c6fdd2ce3da50
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a08d713c6b270182069dbb7370c6fdd2ce3da50
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250907/140bf2c4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list