Summary: | <www-apache/modsecurity-crs-3.3.4: multiple vulnerabilities |
---|---|
Product: | Gentoo Security |
Component: | Vulnerabilities |
Reporter: | John Helmert III <ajak> |
Assignee: | Gentoo Security <security> |
CC: | maintainer-needed |
Status: | RESOLVED FIXED |
Severity: | minor |
Priority: | Normal |
Keywords: | PullRequest |
Version: | unspecified |
Hardware: | All |
OS: | Linux |
URL: | https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ |
See Also: | https://github.com/gentoo/gentoo/pull/27886 https://bugs.gentoo.org/show_bug.cgi?id=891777 |
Whiteboard: | B4 [glsa+] |
Package list: | |
Runtime testing required: | --- |
Bug Depends on: | 883951 |
Bug Blocks: | |
Description
John Helmert III
2022-09-20 18:46:53 UTC
Hi All,

It looks like 3.3.3 has been superseded by 3.3.4 as well. These new versions also have a minimum requirement of 2.9.6 for www-apache/mod_security and 3.0.8 for dev-libs/modsecurity.

I'll attach my build files for:

modsecurity-crs-3.3.4.ebuild
modsecurity-3.0.8.ebuild
mod_security-2.9.6.ebuild

which I am currently using to manage this CVE.

G.

Created attachment 813643
www-apache/modsecurity-crs/modsecurity-crs-3.3.4.ebuild

Created attachment 813646
www-apache/mod_security/mod_security-2.9.6.ebuild

Created attachment 813649
dev-libs/modsecurity/modsecurity-3.0.8.ebuild

(In reply to Graham E from comment #4)
> Created attachment 813649
> dev-libs/modsecurity/modsecurity-3.0.8.ebuild

Hi, could you open a PR for https://github.com/gentoo/gentoo?

Hi. Pull request hopefully raised as #27444

G.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d20bf8a1839f65630232bf3a43bbae464d94d3d4

commit d20bf8a1839f65630232bf3a43bbae464d94d3d4
Author: Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-10-22 04:05:11 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-11-21 09:21:05 +0000

www-apache/modsecurity-crs: add 3.3.4

Bug: https://bugs.gentoo.org/872077
Closes: https://bugs.gentoo.org/869737
Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/27886
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

www-apache/modsecurity-crs/Manifest | 1 +
www-apache/modsecurity-crs/metadata.xml | 11 +++---
.../modsecurity-crs/modsecurity-crs-3.3.4.ebuild | 42 ++++++++++++++++++++++
3 files changed, 50 insertions(+), 4 deletions(-)

Thanks!
Please stabilize when ready

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6854b2428ca58558edd747e8f2d30aaac1d21fea

commit 6854b2428ca58558edd747e8f2d30aaac1d21fea
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-02 06:14:33 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-02 06:15:17 +0000

www-apache/modsecurity-crs: drop 3.3.2

Bug: https://bugs.gentoo.org/872077
Signed-off-by: John Helmert III <ajak@gentoo.org>

www-apache/modsecurity-crs/Manifest | 1 -
.../modsecurity-crs/modsecurity-crs-3.3.2.ebuild | 33 ----------------------
2 files changed, 34 deletions(-)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e18d39bd8feec34396dd5f946e2b6a0c3031adff

commit e18d39bd8feec34396dd5f946e2b6a0c3031adff
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-21 19:43:55 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-21 19:51:33 +0000

[ GLSA 202305-25 ] OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/822003
Bug: https://bugs.gentoo.org/872077
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202305-25.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)

GLSA released, all done!