Bug#992863: buster-pu: package modsecurity-crs/3.1.0-1
Hi Salvatore!!
On Tue, Aug 24, 2021 at 03:17:36PM +0200, Salvatore Bonaccorso wrote:
> Hi Alberto,
>
> On Tue, Aug 24, 2021 at 01:57:26PM +0200, Alberto Gonzalez Iniesta wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> >
> > Hi,
> >
> > This [1] security bug was found in modsecurity-crs.
> > As with the previous update (modsecurity-crs_3.1.0-1+deb10u1), a DSA
> > does not seem necessary (security team on Cc:) so I'm targeting buster
> > proposed updates instead.
> >
> > Here's the debdiff. Hope it's all OK.
> >
> > I'll wait for your instructions before uploading.
>
> Correct, we marked the CVE as no-dsa for both buster an bullseye. I
> would suggest to first fix this in unstable, which is sort of
> aprerequisite to get the fix in stable and oldstable via the point
> releases.
Yes, updated package got in unstable today.
> Do you have an update as well pending for bullseye?
Yes, I'll open a new PU request for it too.
Thanks,
Alberto
--
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
mailto/sip: agi@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
Reply to: