- Package: release.debian.org
- Source: release.debian.org
- Submitter: Alberto Gonzalez Iniesta
- Date: 2026-05-26 20:09:06 UTC
- Severity: normal
- Tags:

[ Reason ]
Fixes for CVE-2026-42268 and CVE-2026-30923
[ Impact ]
Possible segmentation faults resulting in DoS.
[ Tests ]
Fixed and tested by upstream.
[ Risks ]
Low risk, simple patch.
[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable
[ Changes ]
Use safer iteration loops.
Hi, Please quote the CVE IDs in full in the changelog, and you should also Closes the relevant bugs even though they're fixed in sid. With those amendments please go ahead. Thanks,
Hi, Jonathan. I fixed the truncated CVE number. No "Closes:" since no related bug was ever opened. Please find attached new debdiff. Will upload in a few days if there's no objection. Thanks for your help, Alberto
package release.debian.org
tags 1137280 = bookworm pending
thanks

Hi,
The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.
Thanks for your contribution!

Upload details
==============
Package: modsecurity
Version: 3.0.9-1+deb12u2
Explanation: prevent denial of service in hexDecode handling [CVE-2026-30923]; prevent denial of service in SSN/CPF/SVNR verification [CVE-2026-42268]