Your message dated Tue, 4 Mar 2025 12:24:11 +0100
with message-id <[email protected]>
and subject line Fixed upstream in 3.0.14-1
has caused the Debian Bug report #1098910,
regarding modsecurity: CVE-2025-27110
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1098910: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098910
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: modsecurity
Version: 3.0.13-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for modsecurity.

CVE-2025-27110[0]:
| Libmodsecurity is one component of the ModSecurity v3 project. The
| library codebase serves as an interface to ModSecurity Connectors
| taking in web traffic and applying traditional ModSecurity
| processing. A bug that exists only in Libmodsecurity3 version 3.0.13
| means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML
| entities if they contain leading zeroes. Version 3.0.14 contains a
| fix. No known workarounds are available.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-27110
    https://www.cve.org/CVERecord?id=CVE-2025-27110
[1] https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
[2] https://github.com/owasp-modsecurity/ModSecurity/issues/3340
[3] https://github.com/owasp-modsecurity/ModSecurity/commit/c82e831b6640836eeef6f5418c8482063814dc34

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Version: 3.0.14-1

-- 
Alberto Gonzalez Iniesta    | Training, consulting and technical support
mailto/sip: [email protected] | for GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55

--- End Message ---
