#1137280 bookworm-pu: package modsecurity/3.0.9-1+deb12u2

#1137280#5
Date: 2026-05-22 07:08:59 UTC

[ Reason ]
Fixes for CVE-2026-42268 and CVE-2026-30923

[ Impact ]
Possible segmentation faults resulting in DoS.

[ Tests ]
Fixed and tested by upstream.

[ Risks ]
Low risk, simple patch.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Use safer iteration loops.

#1137280#14
Date: 2026-05-23 10:53:20 UTC

Hi,

Please quote the CVE IDs in full in the changelog, and you should also
close the relevant bugs even though they're fixed in sid. With those
amendments please go ahead.

Thanks,

#1137280#21
Date: 2026-05-25 08:24:05 UTC

Hi, Jonathan.

I fixed the truncated CVE number. No "Closes:" since no related bug was
ever opened. Please find attached new debdiff. Will upload in a few days
if there's no objection.

Thanks for your help,

Alberto

#1137280#26
Date: 2026-05-26 20:06:24 UTC

package release.debian.org
tags 1137280 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: modsecurity
Version: 3.0.9-1+deb12u2

Explanation: prevent denial of service in hexDecode handling [CVE-2026-30923]; prevent denial of service in SSN/CPF/SVNR verification [CVE-2026-42268]
