Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package modsecurity for openSUSE:Factory checked in at 2026-05-08 16:46:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/modsecurity (Old) and /work/SRC/openSUSE:Factory/.modsecurity.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "modsecurity" Fri May 8 16:46:07 2026 rev:13 rq:1351498 version:3.0.15 Changes: -------- --- /work/SRC/openSUSE:Factory/modsecurity/modsecurity.changes 2025-03-31 11:43:39.273340462 +0200 +++ /work/SRC/openSUSE:Factory/.modsecurity.new.1966/modsecurity.changes 2026-05-08 16:46:18.763530058 +0200 @@ -1,0 +2,13 @@ +Wed May 6 13:58:07 UTC 2026 - Andreas Stieger <[email protected]> + +- update to 3.0.15: + * CVE-2026-42268: unsig integer underflow issue in verify* operators + * CVE-2026-30923: buffer overflow in hex_decode.cc (boo#1264223) + * buffer overflow in multipart body proc + * heap buffer overflow in acmp pm + * nullptr dereference in seclang scanner + * probably UB (left shift of neg. val) in ip_tree + * Add initial mbedTLS v4 support + * Update SQLi/XSS operators for libinjection v4.0.0 + +------------------------------------------------------------------- Old: ---- modsecurity-v3.0.14.tar.gz modsecurity-v3.0.14.tar.gz.sig New: ---- modsecurity-v3.0.15.tar.gz modsecurity-v3.0.15.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ modsecurity.spec ++++++ --- /var/tmp/diff_new_pack.nWcOsG/_old 2026-05-08 16:46:19.999581550 +0200 +++ /var/tmp/diff_new_pack.nWcOsG/_new 2026-05-08 16:46:19.999581550 +0200 @@ -2,7 +2,7 @@ # spec file for package modsecurity # # Copyright (c) 2024 SUSE LLC -# Copyright (c) 2025 Andreas Stieger <[email protected]> +# Copyright (c) 2026 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define sover 3 Name: modsecurity -Version: 3.0.14 +Version: 3.0.15 Release: 0 Summary: Web application firewall engine License: Apache-2.0 ++++++ modsecurity-v3.0.14.tar.gz -> modsecurity-v3.0.15.tar.gz ++++++ /work/SRC/openSUSE:Factory/modsecurity/modsecurity-v3.0.14.tar.gz /work/SRC/openSUSE:Factory/.modsecurity.new.1966/modsecurity-v3.0.15.tar.gz differ: char 13, line 1
