- Package: release.debian.org
- Source: release.debian.org
- Submitter: Alberto Gonzalez Iniesta
- Date: 2026-05-26 20:09:06 UTC
- Severity: normal
- Tags:
[ Reason ]
Fixes for CVE-2026-42268 and CVE-2026-30923

[ Impact ]
Possible segmentation faults resulting in DoS.

[ Tests ]
Fixed and tested by upstream.

[ Risks ]
Low risk, simple patch.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Use safer iteration loops.

Hi,

Please go ahead.

Thanks,

Uploaded with a really little change in the changelog: - * Add fixes for CVE-2026-30923 and 2026-42268 + * Add fixes for CVE-2026-30923 and CVE-2026-42268 Thanks!

package release.debian.org
tags 1137277 = trixie pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian trixie.

Thanks for your contribution!

Upload details
==============

Package: modsecurity
Version: 3.0.14-1+deb13u1

Explanation: prevent denial of service in hexDecode handling [CVE-2026-30923]; prevent denial of service in SSN/CPF/SVNR verification [CVE-2026-42268]