Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package modsecurity for openSUSE:Factory checked in at 2023-09-06 18:57:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/modsecurity (Old) and /work/SRC/openSUSE:Factory/.modsecurity.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "modsecurity" Wed Sep 6 18:57:58 2023 rev:8 rq:1109075 version:3.0.10 Changes: -------- --- /work/SRC/openSUSE:Factory/modsecurity/modsecurity.changes 2023-05-17 10:53:44.727545854 +0200 +++ /work/SRC/openSUSE:Factory/.modsecurity.new.1766/modsecurity.changes 2023-09-06 19:01:41.455039729 +0200 @@ -1,0 +2,20 @@ +Mon Sep 4 15:59:43 UTC 2023 - David Anes <david.a...@suse.com> + +- Update to version 3.0.10: + * Security impacting issue (fix bsc#1213702, CVE-2023-38285) + - Fix: worst-case time in implementation of four transformations + - Additional information on this issue is available at + https://www.trustwave.com/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/ + * Enhancements and bug fixes + - Add TX synonym for MSC_PCRE_LIMITS_EXCEEDED + - Make MULTIPART_PART_HEADERS accessible to lua + - Fix: Lua scripts cannot read whole collection at once + - Fix: quoted Include config with wildcard + - Support isolated PCRE match limits + - Fix: meta actions not applied if multiMatch in first rule of chain + - Fix: audit log may omit tags when multiMatch + - Exclude CRLF from MULTIPART_PART_HEADER value + - Configure: use AS_ECHO_N instead echo -n + - Adjust position of memset from 2890 + +------------------------------------------------------------------- Old: ---- modsecurity-v3.0.9.tar.gz New: ---- modsecurity-v3.0.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ modsecurity.spec ++++++ --- /var/tmp/diff_new_pack.d0wTaJ/_old 2023-09-06 19:01:42.859089779 +0200 +++ /var/tmp/diff_new_pack.d0wTaJ/_new 2023-09-06 19:01:42.867090065 +0200 @@ -17,7 +17,7 @@ Name: modsecurity -Version: 3.0.9 +Version: 3.0.10 Release: 0 Summary: Web application firewall engine License: BSD-2-Clause ++++++ modsecurity-v3.0.9.tar.gz -> modsecurity-v3.0.10.tar.gz ++++++ ++++ 23133 lines of diff (skipped)
