-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4294-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 07, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : modsecurity-apache Version : 2.9.3-3+deb11u5 CVE ID : CVE-2025-54571 Debian Bug : 1110480 Cross-site scripting due to insufficient return value handling has been fixed in modsecurity-apache, a module for the Apache webserver to tighten Web application security. For Debian 11 bullseye, this problem has been fixed in version 2.9.3-3+deb11u5. We recommend that you upgrade your modsecurity-apache packages. For the detailed security status of modsecurity-apache please refer to its security tracker page at: https://security-tracker.debian.org/tracker/modsecurity-apache Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmi9eNQACgkQiNJCh6LY mLFx8g/+PwMX95rwqr3miVrOYXgtwccVr1zvZbYmm5USXhlpnZ+5xtJZPVxgw2ak M0YYFKZrx7RZ25Yr+etfGBiwlZhyaD9fAJVcXbK25Ex0gYXWGo+tWoJkteJXW97/ dTTO8xdQ4SYQhIxihMT615wEHR+V0HAEFvwdiuZK1IwFFQvQh+3+TQyvPeZvTi67 QOT0O28dOD7FPqUMTs4wJx9fhGBtj0GgYq30cYbteIAZ8DVe0Ml9P7Cu9ATTe6/9 X1/Ga0aA6ID54o+TEi7KuI6UzbLkC9VkKyw6EANexcalqxWZS7u/R/+4zZDffCVT WannXRy5G5eg4IznWTKD5yKUhkWlSh2sT02l6S+m+StAnScYQy8Pmb4XlkC1GeNo CMQZpk759YgNlx7fa68EEpxANOERiiZ2piCGi9kxOR/esq9LBPvCH6M43IaRqEdB tbuqs72v5Bf07XIJcElXXrsFsstHUdvmAo6RWDt9XFVzWUD1luAWbQ3a+biV4OOQ BGeVty5kltjteBBaMMIwHKkDChcP6wtzEBu0TJ7i8dj3noE1eH5T+/otqxkB3PxT 8hyfTq7Rn7yE7dMaLUMs9PbKNs9g9s2XYQV4BwXy8f+6JgMY4UpAAmbDqMgC0fPu WH24cDRPvd+ZxGfziZXRd66WQefp5/Oa99pcrJaSvo6ttbAaoWU= =/5us -----END PGP SIGNATURE-----
