[Git][security-tracker-team/security-tracker][master] Reserve DLA-4488-1 for modsecurity-crs

Sun, 22 Feb 2026 01:58:23 -0800 


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd1264dd by Tobias Frost at 2026-02-22T10:58:00+01:00
Reserve DLA-4488-1 for modsecurity-crs

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -274945,7 +274945,6 @@ CVE-2023-3319 (Improper Neutralization of Input 
During Web Page Generation ('Cro
 CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 
3.3.4 does n ...)
        - modsecurity-crs 3.3.5-1 (bug #1041109)
        [bookworm] - modsecurity-crs <no-dsa> (Minor issue)
-       [bullseye] - modsecurity-crs <no-dsa> (Minor issue)
        [buster] - modsecurity-crs <postponed> (Minor issue)
        NOTE: https://github.com/coreruleset/coreruleset/issues/3191
        NOTE: https://github.com/coreruleset/coreruleset/pull/3237


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Feb 2026] DLA-4488-1 modsecurity-crs - security update
+       {CVE-2023-38199 CVE-2026-21876}
+       [bullseye] - modsecurity-crs 3.3.4-1~deb11u2
 [21 Feb 2026] DLA-4487-1 gegl - security update
        {CVE-2026-2049 CVE-2026-2050}
        [bullseye] - gegl 1:0.4.26-2+deb11u2


=====================================
data/dla-needed.txt
=====================================
@@ -258,10 +258,6 @@ mimetex
   NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 
(dleidert)
   NOTE: 20250629: Best course of action seems to be some kind of mitigation 
similar to https://moodle.org/mod/forum/discuss.php?d=467592 (dleidert)
 --
-modsecurity-crs (tobi)
-  NOTE: 20260123: Added by Front-Desk (pochu)
-  NOTE: 20260124: Reached out to maintainer to review on CVE-2026-21876, 
advice on CVE-2023-38199.
---
 nagvis
   NOTE: 20250117: Added by Front-Desk (rouca)
   NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd1264ddc7c9616ace07946315a6aea6305f74a0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd1264ddc7c9616ace07946315a6aea6305f74a0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to