Package: modsecurity-crs Version: 3.3.0-1 Severity: normal Dear Maintainer,
The version of modsecurity-crs contains a vulnerability and needs to be updated to 3.3.2 to get the security fix: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/ -- System Information: Debian Release: 11.0 APT prefers testing APT policy: (800, 'testing'), (750, 'proposed-updates'), (700, 'stable'), (600, 'oldstable'), (200, 'unstable'), (160, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-7-amd64 (SMP w/1 CPU thread) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled modsecurity-crs depends on no packages. Versions of packages modsecurity-crs recommends: ii libapache2-mod-security2 2.9.3-3 Versions of packages modsecurity-crs suggests: pn geoip-database-contrib <none> pn lua <none> pn python <none> ii ruby 1:2.7+2 -- Configuration Files: /etc/modsecurity/crs/crs-setup.conf changed [not included] -- no debconf information -- debsums errors found: debsums: changed file /usr/share/modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf (from modsecurity-crs package)
