Hi On Tue, Aug 24, 2021 at 03:17:40PM +0200, Salvatore Bonaccorso wrote: > Hi Alberto, > > On Tue, Aug 24, 2021 at 01:57:26PM +0200, Alberto Gonzalez Iniesta wrote: > > Package: release.debian.org > > Severity: normal > > Tags: buster > > User: release.debian....@packages.debian.org > > Usertags: pu > > > > Hi, > > > > This [1] security bug was found in modsecurity-crs. > > As with the previous update (modsecurity-crs_3.1.0-1+deb10u1), a DSA > > does not seem necessary (security team on Cc:) so I'm targeting buster > > proposed updates instead. > > > > Here's the debdiff. Hope it's all OK. > > > > I'll wait for your instructions before uploading. > > Correct, we marked the CVE as no-dsa for both buster an bullseye. I > would suggest to first fix this in unstable, which is sort of > aprerequisite to get the fix in stable and oldstable via the point > releases. > > Do you have an update as well pending for bullseye?
This should have gone as well to the actual bug, #992863. Apologies for the doubled message now. Regards, Salvatore
