Your message dated Sun, 30 Apr 2023 19:34:21 +0000
with message-id <[email protected]>
and subject line Bug#1035083: fixed in modsecurity 3.0.9-1
has caused the Debian Bug report #1035083,
regarding modsecurity: CVE-2023-28882
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1035083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035083
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: modsecurity
Version: 3.0.8-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for modsecurity.

CVE-2023-28882[0]:
| Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial
| of service (worker crash and unresponsiveness) because some inputs
| cause a segfault in the Transaction class for some configurations.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28882
    https://www.cve.org/CVERecord?id=CVE-2023-28882
[1] https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: modsecurity
Source-Version: 3.0.9-1
Done: Alberto Gonzalez Iniesta <[email protected]>

We believe that the bug you reported is fixed in the latest version of
modsecurity, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <[email protected]> (supplier of updated modsecurity package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Apr 2023 11:49:24 +0200
Source: modsecurity
Architecture: source
Version: 3.0.9-1
Distribution: unstable
Urgency: medium
Maintainer: Alberto Gonzalez Iniesta <[email protected]>
Changed-By: Alberto Gonzalez Iniesta <[email protected]>
Closes: 1035083
Changes:
 modsecurity (3.0.9-1) unstable; urgency=medium
 .
   * New upstream version.
     Fixes DoS CVE-2023-28882. (Closes: #1035083)
   * Removed patches/pcrem4.patch, applied upstream.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---