-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6105-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 21, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : modsecurity-crs CVE ID : CVE-2026-21876 It was discovered that one of the rules in the OWASP ModSecurity Core Rule Set parsed some multipart requests incorrectly. For the oldstable distribution (bookworm), this problem has been fixed in version 3.3.4-1+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 3.3.7-1+deb13u1. We recommend that you upgrade your modsecurity-crs packages. For the detailed security status of modsecurity-crs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/modsecurity-crs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmlxSdsACgkQEMKTtsN8 TjZzkhAAurudVyRF56Mqp8jq8oLnm3Y46feMo4BzHl/fkFR14yC/z6BxSSMh5b35 9u28q/64FUvooO/S0yklJvAex1V2blg22VjodGhVqMc2Dp6B/HIeQOSIAbh9TG3d fagaaNLAo3KmKteGSdJf5CES2eyoLD+zAwA5VLKW4NGCJVnhhz2aqSv1pWGod2zU hgKHg6NzPZQVO0sk08m3EhCBfn3iuzAc2NeEjEKbChV2B6kEGnfViR8UNwnnb7aw tSX6ZQDiISUmBloMjdBrCcxbQ1TxD5OY23ed3EM+nbpm7cQ+6mM+oNZnSTXyZeWe OCogDYqstyKlLMkwJsQTleO1oJAlmt0vYMEECVZz6EZsHDJHCk7zMVOKMYE8gxX/ JLJn7Gfrka+QYqZAC6289CPKAZ1VXDEvz1E5/EInNlMVgqFvuJf5tYnMzKjJdI1r JhWPuUiwyLNFZ30qXs/xqfb6A16w9VgGrUgxaNOoH8gLWCGfEchhbO3x7VkyKNgd lM182vZTNxyofmovraSH7nlZYq5CJJeF7eQC23V6YAprQLpt0/+BV7hd2i6a5eF3 6lbib/Vnz43r7fEDsbW1Sey/hFhyyI6TsQt0aMShtt/i8TiY0wzYvlBpCnpHi25m yARQHfh66lCY/umcBV7f3z3i0rklxjuJuR6tYf0UKSxFTRbD0B8= =G7EX -----END PGP SIGNATURE-----
