[Git][security-tracker-team/security-tracker][master] Reserve DLA-3031-1 for modsecurity-apache

Sat, 28 May 2022 00:41:00 -0700 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e45b3ad by Chris Lamb at 2022-05-28T08:40:23+01:00
Reserve DLA-3031-1 for modsecurity-apache

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -41833,7 +41833,6 @@ CVE-2021-42717 (ModSecurity 3.x through 3.0.5 
mishandles excessively nested JSON
        [bullseye] - modsecurity <no-dsa> (Minor issue; does not have connector 
packages in Debian)
        [buster] - modsecurity <no-dsa> (Minor issue; does not have connector 
packages in Debian)
        - modsecurity-apache 2.9.5-1
-       [stretch] - modsecurity-apache <postponed> (revisit when/if fixed 
upstream)
        NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647
        NOTE: 
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
        NOTE: Fixed by: 
https://github.com/SpiderLabs/ModSecurity/commit/41918335fa4c74fba46a986771a5a6cb457070c4
 (v2.9.5)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 May 2022] DLA-3031-1 modsecurity-apache - security update
+       {CVE-2021-42717}
+       [stretch] - modsecurity-apache 2.9.1-2+deb9u1
 [27 May 2022] DLA-3030-1 zipios++ - security update
        {CVE-2019-13453}
        [stretch] - zipios++ 0.1.5.9+cvs.2007.04.28-6+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -145,9 +145,6 @@ mbedtls (Utkarsh)
   NOTE: 20220516: helf off upload to see if the other one should
   NOTE: 20220516: be squeezed in. waiting on -pu. (utkarsh)
 --
-modsecurity-apache (Chris Lamb)
-  NOTE: 20220524: Follow buster: harmonize with with DSA-5023-1 (1 CVE) 
(Beuc/front-desk)
---
 modsecurity-crs
   NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 and 10.11 (2 
CVEs) (Beuc/front-desk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e45b3adfe45f58ccb8617b66753e7b622dc8efc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e45b3adfe45f58ccb8617b66753e7b622dc8efc
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to