Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted modsecurity-crs 3.2.3-0+deb10u3 (source) into oldstable
Date: Mon, 30 Jan 2023 18:00:24 +0000
Signed by: Tobias Frost <tobi@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 30 Jan 2023 18:31:10 +0100
Source: modsecurity-crs
Architecture: source
Version: 3.2.3-0+deb10u3
Distribution: buster-security
Urgency: medium
Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 924352 992000 1021137
Changes:
 modsecurity-crs (3.2.3-0+deb10u3) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * New upstream release packaged as backporting fixes is not feasible.
     - Security fixes:
       - CVE-2018-16384 (Closes: #924352)
       - CVE-2021-35368 (Closes: #992000)
       - CVE-2022-39955, CVE-2022-39956, CVE-2022-39957 and CVE-2022-39958
         (Closes: #1021137)
     - Cherry-pick upstream fix for CVE-2020-22669
     - Patches droped, as already included in the new version:
       CVE-2021-35368.patch, CVE-2019-13464.patch
   * Add a Breaks: relation to older libapache2-mod-security2, as a recent
     update is required for CVE-2022-39956. See also DLA-3283-1.
   * Add postinst/postrm: reload apache2, if apache2 and mod_security2 is
     enabled.
Checksums-Sha1:
 6371b5b2b3dd2d53c03bd7424a63018354d3f205 1804 modsecurity-crs_3.2.3-0+deb10u3.dsc
 5a4420c6881c46b474eef7dedafa785217bdd099 293222 modsecurity-crs_3.2.3.orig.tar.gz
 74814d5e5bc8a3a193c5d7a1d083acd75dcbd630 6312 modsecurity-crs_3.2.3-0+deb10u3.debian.tar.xz
 f6bf090060fc24b9f2b92f7ed8046358e8de619a 5591 modsecurity-crs_3.2.3-0+deb10u3_amd64.buildinfo
Checksums-Sha256:
 5afec64aa40c269ee06c7d8c4e48c51c0983f98adae48d142684e54840a15e63 1804 modsecurity-crs_3.2.3-0+deb10u3.dsc
 6cf46d40e8cf8ff00a5c1ef80cd2fcac35b988b698738b42becbc812308a1b02 293222 modsecurity-crs_3.2.3.orig.tar.gz
 683d8ec71917a48874ca4664c6f3fab5853d5f56d17dd6ce19900e5fa0e63efb 6312 modsecurity-crs_3.2.3-0+deb10u3.debian.tar.xz
 5f1abc5f533ed1a49c6127eb4f859c5f86ff23dd9f6df8b21a1c8b10204dacda 5591 modsecurity-crs_3.2.3-0+deb10u3_amd64.buildinfo
Files:
 2972c7be5644ecf754e12f7c9f206eab 1804 httpd optional modsecurity-crs_3.2.3-0+deb10u3.dsc
 f3299d91585d170a6b29034ed1a17c83 293222 httpd optional modsecurity-crs_3.2.3.orig.tar.gz
 da757cf9f990bbc88989608f322ecebc 6312 httpd optional modsecurity-crs_3.2.3-0+deb10u3.debian.tar.xz
 9bdd471e9072dc77ffb1ef3e305a6f54 5591 httpd optional modsecurity-crs_3.2.3-0+deb10u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmPYAu8ACgkQkWT6HRe9
XTaxAxAAsmqSOfS0POO5xOzp1uvYVuY6t1yMHd4JACiwpnlLS5dE+OjLo+LLy0PX
4OKWMV8ch4RqVljmQDcZ7GC5biJd+MFkkQhn6yGw3oMHxFHt2YUwlJu7SsPUERGm
OcWCmnpnjZjhdC1RCs8LiKFuu36n+UHL8UQEY30PFaR26ROyR3Cg+mlK7Z/NKXvX
Rt/jN1n18QyXttH/ACQ2WDSlRV3RAGwtRpTAu5Aa6GihXaHq0AgmMfX9X0fWI5CD
IoMU0etgcQltu6acDsORW39y0yk3k+0oxKCehC2M2arEUth7aqiJkMEVR0nN8AP2
EGbNPSL4l1HVcMUybbLwBt5D8J+kLmEo53ly/KzpW608yPs7XH9z2KGsCxAcIWfQ
VB/v+2DYadRohLMr7nvazOmUKdBk/3OlEIktUtMy03U1pyO4U8KtMrjU+VgV5O/+
+4k5O9m3wRdeT7c0WOOQC54WDSFMvSCq2QX8kWXyPn2fSxni43ztKZx5jYO09/Yj
9cQJBtK8QAZp9SiUhgTitGXo3b3xR0tGTeTEVVeUB8MB44RtwAVke98p8oiQ6oQO
j39Fbjg+5XHqtIopS0VxxP3g7jJFemJBTCLgYbgTUEJTmLFOJRssO5b+Z6jepQFH
CNmjY4iLcq/9+bwaG+bhenPQ8zvt4KhMjY9VFgJnHX2nY5Fqt0E=
=MPUV
-----END PGP SIGNATURE-----
News for package modsecurity-crs
