Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted modsecurity-crs 3.3.4-1~deb11u2 (source) into oldoldstable-security
Date: Sun, 22 Feb 2026 08:50:24 +0000
Signed by: Tobias Frost <tobi@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Feb 2026 18:56:04 +0100
Source: modsecurity-crs
Architecture: source
Version: 3.3.4-1~deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1041109 1125084
Changes:
 modsecurity-crs (3.3.4-1~deb11u2) bullseye-security; urgency=medium
 .
   * Nom-maintainer upload by the LTS Team.
   * Cherry-pick from maintainer upload targeting bookworm:
     - Fixes CVE-2025-21876 (Closes: #1125084)
   * Backported from upstream 3.3.5:
     - CVE-2023-38199 - WAF bypass (Closes: #1041109)
Checksums-Sha1:
 ed58a1fd9eb015d21e4777fc0dc2e4141e6f4e9d 1970 modsecurity-crs_3.3.4-1~deb11u2.dsc
 821796a48bbedd1a0d962614ef473625da85feae 301112 modsecurity-crs_3.3.4.orig.tar.gz
 5381f2d4bb95c7d40b8d6e09ff04f40c130b551d 7272 modsecurity-crs_3.3.4-1~deb11u2.debian.tar.xz
 20b0d2598d415c490b5261996d9fcea9f9f4abc1 6365 modsecurity-crs_3.3.4-1~deb11u2_source.buildinfo
Checksums-Sha256:
 2aded4c4f6304c413d495322d3e4de7b73ec67acb4be04642beda4af17544358 1970 modsecurity-crs_3.3.4-1~deb11u2.dsc
 15a84aaa041aa532905a34546b613bd3aed122e3f9814fbb5c28e1655d02b74d 301112 modsecurity-crs_3.3.4.orig.tar.gz
 b9e15bbc6978021fefa9262295cfd4969ddb288573ef301b8771db7976677b18 7272 modsecurity-crs_3.3.4-1~deb11u2.debian.tar.xz
 e4bdb9c8095fbc6e24c7d09b76c0bcd1df06b67212f276f30399452a07cee46e 6365 modsecurity-crs_3.3.4-1~deb11u2_source.buildinfo
Files:
 6292733cddeadc0efdc2e6a88a62ed35 1970 httpd optional modsecurity-crs_3.3.4-1~deb11u2.dsc
 f85d55f66d58e7347268665508eefd0b 301112 httpd optional modsecurity-crs_3.3.4.orig.tar.gz
 8df36a8cad2da0c0cb7dbf00c481fb3a 7272 httpd optional modsecurity-crs_3.3.4-1~deb11u2.debian.tar.xz
 3417e1624018c137c2d39d8ca566dc24 6365 httpd optional modsecurity-crs_3.3.4-1~deb11u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmmav3UACgkQkWT6HRe9
XTbJuQ//QkVWGy/wIkTYp2cLnewri6a8lG4bBrSUKFIxeCQt+cqzAlgKDEkDJMQh
z9DK9haM6vcCZpRKMkQX9W2nIDM+85LlZQzl2JiGf8d54OA50BM1zcWYpLxAhRmU
U9X1GVaR33vLNaUVFU1fWoHmLxF36mW7APJIUal7xVyJFUp414RPnGCMUTf6W+n7
xqC6RkLrJ4I64u7luNHgta+1cjoGTlRDATxTRtrU6DfV1jjuefus2xVRhfWEEhkz
unsnPglLpU/PIhW5peYZf1MRSc1oAqZPgtT2N/FrgYtHUx2CHBtT/m5x/xOXcwow
GepR2tQVEPejbFYeROxu6TUN+U7r2CZ3eohgUnphTP4/vWMILJIITQiRz0B8JSPp
A8pcLhQqYzq2LHNTsItwfOjHomXvdFsRgQZF1DT6He6R1ppmDG6lUKuEt2ks3X6d
nCIV9EAy59HBCdZxYDfypnyqP8xNOO6fm+NHtbckmOitPt8WM5YFaGjWgabUrsQA
QsZ0eqEu45NndOUsSXh4FMbN/s98hQ6fYwJzqEVcOlGxDJLJJgWGGKAiusJ60DuH
o5v2iG1xiSnmVOj4qFVPaEc+CHVGq2U27Wkpq0oBuTlq0buF+XThpNVHWAmvQe+L
iTozAc3g3PMgV+nl+Ip7tGyrdtqPPX1g9kZtQGqtSlIzzFmar9k=
=LzIa
-----END PGP SIGNATURE-----

News for package modsecurity-crs