#1137277 trixie-pu: package modsecurity/3.0.14-1+deb13u1

#1137277#5
Date: 2026-05-22 06:21:46 UTC

[ Reason ]
Fixes for CVE-2026-42268 and CVE-2026-30923

[ Impact ]
Possible segmentation faults resulting in DoS.

[ Tests ]
Fixed and tested by upstream.

[ Risks ]
Low risk, simple patch.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Use safer iteration loops.

#1137277#14
Date: 2026-05-24 09:57:29 UTC

Hi,

Please go ahead.

Thanks,

#1137277#21
Date: 2026-05-25 16:15:30 UTC

Uploaded with a really little change in the changelog:
-  * Add fixes for CVE-2026-30923 and 2026-42268
+  * Add fixes for CVE-2026-30923 and CVE-2026-42268

Thanks!

#1137277#26
Date: 2026-05-26 20:07:17 UTC

package release.debian.org
tags 1137277 = trixie pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian trixie.

Thanks for your contribution!

Upload details
==============

Package: modsecurity
Version: 3.0.14-1+deb13u1

Explanation: prevent denial of service in hexDecode handling [CVE-2026-30923]; prevent denial of service in SSN/CPF/SVNR verification [CVE-2026-42268]
