Package: modsecurity-apache / 2.9.3-1+deb10u1

Metadata

Package Version Patches format
modsecurity-apache 2.9.3-1+deb10u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
debian_log_dir.patch | (download)

modsecurity.conf-recommended | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 set correct path to log file
improve_defaults.patch | (download)

modsecurity.conf-recommended | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 
---
json_depth_limit.patch | (download)

apache2/apache2_config.c | 30 30 + 0 - 0 !
apache2/modsecurity.h | 2 2 + 0 - 0 !
apache2/msc_json.c | 28 26 + 2 - 0 !
apache2/msc_json.h | 2 2 + 0 - 0 !
tests/regression/rule/15-json.t | 68 68 + 0 - 0 !
5 files changed, 128 insertions(+), 2 deletions(-)

 
 this patch fixes cve-2021-42717
 ModSecurity has a DoS Vulnerability in JSON Parsing. The bug
 has descibed in CVE-2021-42717. This patch fixes it.