Your message dated Sat, 25 Jan 2020 19:02:11 +0000
with message-id <e1ivqh9-0001fu...@fasolo.debian.org>
and subject line Bug#949682: fixed in modsecurity 3.0.3-1+deb10u1
has caused the Debian Bug report #949682,
regarding Denial of Service due to cooking handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949682: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949682
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libmodsecurity3
Version: 3.0.3-1
Severity: serious
Tags: security upstream

A security issue was discovered by Ervin Hegedüs in Modsecurity 3.0.3.
More info:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/

Fixed package is already in unstable.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
Source: modsecurity
Source-Version: 3.0.3-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
modsecurity, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ervin Hegedus <airw...@gmail.com> (supplier of updated modsecurity package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Tue, 21 Jan 2020 21:52:59 +0000
Source: modsecurity
Binary: libmodsecurity-dev libmodsecurity3 libmodsecurity3-dbgsym
Architecture: source amd64
Version: 3.0.3-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org>
Changed-By: Ervin Hegedus <airw...@gmail.com>
Description:
 libmodsecurity-dev - ModSecurity v3 library component (development files)
 libmodsecurity3 - ModSecurity v3 library component
Closes: 949682
Changes:
 modsecurity (3.0.3-1+deb10u1) buster; urgency=medium
 .
   * Fixes CVE-2019-19886 (Closes: #949682)

--- End Message ---
