[Git][security-tracker-team/security-tracker][master] Reserve DLA-4265-1 for modsecurity-crs

Fri, 08 Aug 2025 14:11:40 -0700 


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab10e83b by Adrian Bunk at 2025-08-08T23:54:21+03:00
Reserve DLA-4265-1 for modsecurity-crs

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -262786,24 +262786,20 @@ CVE-2022-39959 (Panini Everest Engine 2.0.4 allows 
unprivileged users to create
 CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
response bo ...)
        {DLA-3293-1}
        - modsecurity-crs 3.3.4-1 (bug #1021137)
-       [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in 
point release)
        NOTE: 
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
response bo ...)
        {DLA-3293-1}
        - modsecurity-crs 3.3.4-1 (bug #1021137)
-       [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in 
point release)
        NOTE: 
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
partial rul ...)
        {DLA-3293-1}
        - modsecurity-crs 3.3.4-1 (bug #1021137)
-       [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in 
point release)
        NOTE: 
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
        NOTE: Depends on changes to be done in src:libmodsecurity3 / 
src:modsecurity-apache, cf.
        NOTE: https://bugs.debian.org/1020303
 CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a 
partial rul ...)
        {DLA-3293-1}
        - modsecurity-crs 3.3.4-1 (bug #1021137)
-       [bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in 
point release)
        NOTE: 
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39954 (An improper restriction of xml external entity reference in 
Fortinet F ...)
        NOT-FOR-US: Fortinet
@@ -412761,7 +412757,6 @@ CVE-2020-22670
 CVE-2020-22669 (Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at 
PL1) has a  ...)
        {DLA-3293-1}
        - modsecurity-crs 3.3.2-1
-       [bullseye] - modsecurity-crs <no-dsa> (Minor issue)
        NOTE: https://github.com/coreruleset/coreruleset/pull/1793
        NOTE: 
https://github.com/coreruleset/coreruleset/commit/1a6e9e097587cecc038f1a1a76fc067c7797bbcd
 (v3.3.1-rc1)
        NOTE: 
https://github.com/coreruleset/coreruleset/commit/909cab560b56f998faee88dd8a7aa9cf086d2d9f
 (v3.3.1-rc1)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Aug 2025] DLA-4265-1 modsecurity-crs - security update
+       {CVE-2020-22669 CVE-2022-39955 CVE-2022-39956 CVE-2022-39957 
CVE-2022-39958}
+       [bullseye] - modsecurity-crs 3.3.4-1~deb11u1
 [04 Aug 2025] DLA-4264-1 exempi - security update
        {CVE-2021-36045 CVE-2021-36046 CVE-2021-36047 CVE-2021-36048 
CVE-2021-36050 CVE-2021-36051 CVE-2021-36052 CVE-2021-36053 CVE-2021-36054 
CVE-2021-36055 CVE-2021-36056 CVE-2021-36057 CVE-2021-36058 CVE-2021-36064 
CVE-2021-39847 CVE-2021-40716 CVE-2021-40732 CVE-2021-42528 CVE-2021-42529 
CVE-2021-42530 CVE-2021-42531 CVE-2021-42532}
        [bullseye] - exempi 2.5.2-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -247,11 +247,6 @@ mimetex
   NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 
(dleidert)
   NOTE: 20250629: Best course of action seems to be some kind of mitigation 
similar to https://moodle.org/mod/forum/discuss.php?d=467592 (dleidert)
 --
-modsecurity-crs (bunk)
-  NOTE: 20250718: Added by Front-Desk (Beuc)
-  NOTE: 20250718: Follow DLA-3293-1 for buster (7 CVEs) (Beuc/front-desk)
-  NOTE: 20250804: work ongoing (bunk)
---
 mupdf (Chris Lamb)
   NOTE: 20250805: Added by Front-Desk (rouca)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab10e83b2383e0b0f0ef2ae0faf2039f7f07d908

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab10e83b2383e0b0f0ef2ae0faf2039f7f07d908
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to