Bug#992863: buster-pu: package modsecurity-crs/3.1.0-1
Hi
On Tue, Aug 24, 2021 at 03:17:40PM +0200, Salvatore Bonaccorso wrote:
> Hi Alberto,
>
> On Tue, Aug 24, 2021 at 01:57:26PM +0200, Alberto Gonzalez Iniesta wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> >
> > Hi,
> >
> > This [1] security bug was found in modsecurity-crs.
> > As with the previous update (modsecurity-crs_3.1.0-1+deb10u1), a DSA
> > does not seem necessary (security team on Cc:) so I'm targeting buster
> > proposed updates instead.
> >
> > Here's the debdiff. Hope it's all OK.
> >
> > I'll wait for your instructions before uploading.
>
> Correct, we marked the CVE as no-dsa for both buster an bullseye. I
> would suggest to first fix this in unstable, which is sort of
> aprerequisite to get the fix in stable and oldstable via the point
> releases.
>
> Do you have an update as well pending for bullseye?
This should have gone as well to the actual bug, #992863.
Apologies for the doubled message now.
Regards,
Salvatore
Reply to: