[Git][security-tracker-team/security-tracker][master] Reserve DLA-3293-1 for modsecurity-crs

[Tobias Frost (@tobi)]

Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
709f5572 by Tobias Frost at 2023-01-30T19:15:37+01:00
Reserve DLA-3293-1 for modsecurity-crs

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -119625,7 +119625,6 @@ CVE-2021-35369
 CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x 
before 3.2.1 ...)
        - modsecurity-crs 3.3.2-1 (bug #992000)
        [bullseye] - modsecurity-crs 3.3.0-1+deb11u1
-       [buster] - modsecurity-crs 3.1.0-1+deb10u2
        [stretch] - modsecurity-crs <no-dsa> (Minor issue)
        NOTE: 
https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
        NOTE: https://github.com/coreruleset/coreruleset/pull/2143
@@ -259664,7 +259663,6 @@ CVE-2019-13465 (An issue was discovered in the ROS 
communications-related packag
        NOTE: https://github.com/ros/ros_comm/pull/1763
 CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set 
(CRS) 3.0.2 ...)
        - modsecurity-crs 3.2.0-1 (low; bug #943773)
-       [buster] - modsecurity-crs 3.1.0-1+deb10u1
        [stretch] - modsecurity-crs <no-dsa> (Minor issue)
        [jessie] - modsecurity-crs <not-affected> (incorrect rule does not 
exist)
        NOTE: 
https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/6090d6b0a90417f1a60aa68a01eb777cef2e1184
@@ -306526,7 +306524,6 @@ CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL 
Injection via the public/index
        NOT-FOR-US: ThinkPHP
 CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP 
ModSecurity Co ...)
        - modsecurity-crs 3.2.0-1 (low; bug #924352)
-       [buster] - modsecurity-crs <no-dsa> (Minor issue)
        [stretch] - modsecurity-crs <no-dsa> (Minor issue)
        [jessie] - modsecurity-crs <no-dsa> (Minor issue)
        NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jan 2023] DLA-3293-1 modsecurity-crs - security update
+       {CVE-2018-16384 CVE-2019-13464 CVE-2020-22669 CVE-2021-35368 
CVE-2022-39955 CVE-2022-39956 CVE-2022-39957 CVE-2022-39958}
+       [buster] - modsecurity-crs 3.2.3-0+deb10u3
 [29 Jan 2023] DLA-3292-1 sofia-sip - security update
        {CVE-2023-22741}
        [buster] - sofia-sip 1.12.11+20110422.1-2.1+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -146,13 +146,6 @@ man2html (gladk)
   NOTE: 20221004: It looks like not patch is available.
   NOTE: 20221004: Please evalulate, whether the issue can be marked as 
<ignored>.
 --
-modsecurity-crs (tobi)
-  NOTE: 20221006: Programming language: Other.
-  NOTE: 20221006: Maintainer notes: Please contact maintainer. Consider 
uploading of newer version.
-  NOTE: 20230111: VCS: 
https://salsa.debian.org/lts-team/packages/modsecurity-crs.git
-  NOTE: 20230113: backported rule set to strech (did not see the notice from 
20230111 before), mailed maintainers for feedback.
-  NOTE: 20200130: WIP, in heavy contact with upstream. (alomst ready for 
upload)
---
 netatalk
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs 
more investigation. (stefanor)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/709f55726438e5111587a3b9821c1d0171481c9b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/709f55726438e5111587a3b9821c1d0171481c9b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits