[Git][security-tracker-team/security-tracker][master] Reserve DLA-4488-1 for modsecurity-crs

Tobias Frost (@tobi) tobi at debian.org
Sun Feb 22 09:58:13 GMT 2026 


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd1264dd by Tobias Frost at 2026-02-22T10:58:00+01:00
Reserve DLA-4488-1 for modsecurity-crs

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -274945,7 +274945,6 @@ CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...)
 	- modsecurity-crs 3.3.5-1 (bug #1041109)
 	[bookworm] - modsecurity-crs <no-dsa> (Minor issue)
-	[bullseye] - modsecurity-crs <no-dsa> (Minor issue)
 	[buster] - modsecurity-crs <postponed> (Minor issue)
 	NOTE: https://github.com/coreruleset/coreruleset/issues/3191
 	NOTE: https://github.com/coreruleset/coreruleset/pull/3237


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Feb 2026] DLA-4488-1 modsecurity-crs - security update
+	{CVE-2023-38199 CVE-2026-21876}
+	[bullseye] - modsecurity-crs 3.3.4-1~deb11u2
 [21 Feb 2026] DLA-4487-1 gegl - security update
 	{CVE-2026-2049 CVE-2026-2050}
 	[bullseye] - gegl 1:0.4.26-2+deb11u2


=====================================
data/dla-needed.txt
=====================================
@@ -258,10 +258,6 @@ mimetex
   NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 (dleidert)
   NOTE: 20250629: Best course of action seems to be some kind of mitigation similar to https://moodle.org/mod/forum/discuss.php?d=467592 (dleidert)
 --
-modsecurity-crs (tobi)
-  NOTE: 20260123: Added by Front-Desk (pochu)
-  NOTE: 20260124: Reached out to maintainer to review on CVE-2026-21876, advice on CVE-2023-38199.
---
 nagvis
   NOTE: 20250117: Added by Front-Desk (rouca)
   NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd1264ddc7c9616ace07946315a6aea6305f74a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd1264ddc7c9616ace07946315a6aea6305f74a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260222/3b4f75b9/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list