[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#992863: buster-pu: package modsecurity-crs/3.1.0-1

Hi

On Tue, Aug 24, 2021 at 03:17:40PM +0200, Salvatore Bonaccorso wrote:
> Hi Alberto,
> 
> On Tue, Aug 24, 2021 at 01:57:26PM +0200, Alberto Gonzalez Iniesta wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > 
> > Hi,
> > 
> > This [1] security bug was found in modsecurity-crs.
> > As with the previous update (modsecurity-crs_3.1.0-1+deb10u1), a DSA
> > does not seem necessary (security team on Cc:) so I'm targeting buster
> > proposed updates instead.
> > 
> > Here's the debdiff. Hope it's all OK.
> > 
> > I'll wait for your instructions before uploading.
> 
> Correct, we marked the CVE as no-dsa for both buster an bullseye. I
> would suggest to first fix this in unstable, which is sort of
> aprerequisite to get the fix in stable and oldstable via the point
> releases.
> 
> Do you have an update as well pending for bullseye?

This should have gone as well to the actual bug, #992863.

Apologies for the doubled message now.

Regards,
Salvatore
Reply to: