Hi Salvatore!! On Tue, Aug 24, 2021 at 03:17:36PM +0200, Salvatore Bonaccorso wrote: > Hi Alberto, > > On Tue, Aug 24, 2021 at 01:57:26PM +0200, Alberto Gonzalez Iniesta wrote: > > Package: release.debian.org > > Severity: normal > > Tags: buster > > User: release.debian....@packages.debian.org > > Usertags: pu > > > > Hi, > > > > This [1] security bug was found in modsecurity-crs. > > As with the previous update (modsecurity-crs_3.1.0-1+deb10u1), a DSA > > does not seem necessary (security team on Cc:) so I'm targeting buster > > proposed updates instead. > > > > Here's the debdiff. Hope it's all OK. > > > > I'll wait for your instructions before uploading. > > Correct, we marked the CVE as no-dsa for both buster an bullseye. I > would suggest to first fix this in unstable, which is sort of > aprerequisite to get the fix in stable and oldstable via the point > releases.
Yes, updated package got in unstable today. > Do you have an update as well pending for bullseye? Yes, I'll open a new PU request for it too. Thanks, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
