[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#992863: buster-pu: package modsecurity-crs/3.1.0-1

Hi Salvatore!!

On Tue, Aug 24, 2021 at 03:17:36PM +0200, Salvatore Bonaccorso wrote:
> Hi Alberto,
> 
> On Tue, Aug 24, 2021 at 01:57:26PM +0200, Alberto Gonzalez Iniesta wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > 
> > Hi,
> > 
> > This [1] security bug was found in modsecurity-crs.
> > As with the previous update (modsecurity-crs_3.1.0-1+deb10u1), a DSA
> > does not seem necessary (security team on Cc:) so I'm targeting buster
> > proposed updates instead.
> > 
> > Here's the debdiff. Hope it's all OK.
> > 
> > I'll wait for your instructions before uploading.
> 
> Correct, we marked the CVE as no-dsa for both buster an bullseye. I
> would suggest to first fix this in unstable, which is sort of
> aprerequisite to get the fix in stable and oldstable via the point
> releases.

Yes, updated package got in unstable today.

> Do you have an update as well pending for bullseye?

Yes, I'll open a new PU request for it too.

Thanks,

Alberto


-- 
Alberto Gonzalez Iniesta    | Formación, consultoría y soporte técnico
mailto/sip: agi@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55
Reply to: