Bug#1106286: modsecurity-apache: CVE-2025-47947

2025-06-02 Thread Alberto Gonzalez Iniesta
Hi, Salvatore. I just uploaded modsecurity-apache_2.9.7-1+deb12u1 to security-master with the CVE number fixed. Regards, Alberto On Thu, May 29, 2025 at 09:52:12AM +0200, Salvatore Bonaccorso wrote: > Hi Alberto, > > On Wed, May 28, 2025 at 01:01:20PM +0200, Alberto Gonzalez Iniesta wrote: > >

Bug#1106286: modsecurity-apache: CVE-2025-47947

2025-05-29 Thread Salvatore Bonaccorso
Hi Alberto, On Wed, May 28, 2025 at 01:01:20PM +0200, Alberto Gonzalez Iniesta wrote: > Hmm, now attached. Sorry for the noise. > > > On Tue, May 27, 2025 at 10:51:56PM +0200, Alberto Gonzalez Iniesta wrote: > > Hi, all. > > > > I just requested the unblock for trixie. > > > > Please find

Bug#1106286: modsecurity-apache: CVE-2025-47947

2025-05-28 Thread Alberto Gonzalez Iniesta
Hmm, now attached. Sorry for the noise. On Tue, May 27, 2025 at 10:51:56PM +0200, Alberto Gonzalez Iniesta wrote: > Hi, all. > > I just requested the unblock for trixie. > > Please find attached the debdiffs for both bullseye-security and > bookworm-security. I'll wait for the OK to upload

Bug#1106286: modsecurity-apache: CVE-2025-47947

2025-05-27 Thread Alberto Gonzalez Iniesta
Hi, all. I just requested the unblock for trixie. Please find attached the debdiffs for both bullseye-security and bookworm-security. I'll wait for the OK to upload them. Thanks, Alberto On Fri, May 23, 2025 at 09:52:38PM +0200, Salvatore Bonaccorso wrote: > Hi > > [looping in the Debian secu

Bug#1106286: modsecurity-apache: CVE-2025-47947

2025-05-23 Thread Salvatore Bonaccorso
Hi [looping in the Debian security team alias] On Fri, May 23, 2025 at 09:25:36PM +0200, Ervin Hegedüs wrote: > Hi Alberto, > > Unfortunately I dont know what's the SPU. And as I know there is no DSA, > just a bug id. spu is stable-proposed-update. The issue might warrant a DSA, can you prepare

Bug#1106286: modsecurity-apache: CVE-2025-47947

2025-05-23 Thread Ervin Hegedüs
Hi Alberto, Unfortunately I dont know what's the SPU. And as I know there is no DSA, just a bug id. a. 2025. május 23., péntek dátummal Alberto Gonzalez Iniesta ezt írta: > Hi! > > Should the fixed packages for bullseye and bookworm target (O)SPU or > will a DSA be issued and the packages upl

Bug#1106286: modsecurity-apache: CVE-2025-47947

2025-05-23 Thread Alberto Gonzalez Iniesta
Hi! Should the fixed packages for bullseye and bookworm target (O)SPU or will a DSA be issued and the packages uploaded to s.d.o? Thanks, Alberto On Thu, May 22, 2025 at 05:35:50PM +0200, Moritz Mühlenhoff wrote: > Source: modsecurity-apache > X-Debbugs-CC: t...@security.debian.org > Severity:

Bug#1106286: modsecurity-apache: CVE-2025-47947

2025-05-22 Thread Moritz Mühlenhoff
Source: modsecurity-apache X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for modsecurity-apache. CVE-2025-47947[0]: | ModSecurity is an open source, cross platform web application | firewall (WAF) engine for Apache, IIS and Ng