Package: modsecurity-apache | Debian Sources

Package: modsecurity-apache / 2.9.3-3+deb11u2

Metadata

Package	Version	Patches format
modsecurity-apache	2.9.3-3+deb11u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
debian_log_dir.patch \| (download)	modsecurity.conf-recommended \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	set correct path to log file
improve_defaults.patch \| (download)	modsecurity.conf-recommended \| 6 3 + 3 - 0 ! 1 file changed, 3 insertions(+), 3 deletions(-)	---
970833_fix.patch \| (download)	apache2/msc_util.c \| 12 3 + 9 - 0 ! apache2/msc_util.h \| 4 2 + 2 - 0 ! 2 files changed, 5 insertions(+), 11 deletions(-)	[patch] fix curl callback function
json_depth_limit.patch \| (download)	apache2/apache2_config.c \| 30 30 + 0 - 0 ! apache2/modsecurity.h \| 2 2 + 0 - 0 ! apache2/msc_json.c \| 27 25 + 2 - 0 ! apache2/msc_json.h \| 2 2 + 0 - 0 ! tests/regression/rule/15-json.t \| 69 69 + 0 - 0 ! 5 files changed, 128 insertions(+), 2 deletions(-)	this patch fixes cve-2021-42717 ModSecurity has a DoS Vulnerability in JSON Parsing. The bug has descibed in CVE-2021-42717. This patch fixes it.
multipart_part_headers.patch \| (download)	apache2/msc_multipart.c \| 147 106 + 41 - 0 ! apache2/msc_multipart.h \| 19 19 + 0 - 0 ! apache2/re_variables.c \| 57 57 + 0 - 0 ! modsecurity.conf-recommended \| 4 2 + 2 - 0 ! tests/regression/misc/00-multipart-parser.t \| 44 44 + 0 - 0 ! 5 files changed, 228 insertions(+), 43 deletions(-)	cve-2022-48279: multipart parsing fixes and new multipart_part_headers collection. ModSecurity creates from now a new variable: MULTIPART_PART_HEADERS This needs for some special CoreRuleSet rules, which has allocated CVE's.
CVE 2023 24021_FILES_TMP_CONTENT.patch \| (download)	apache2/re_variables.c \| 26 16 + 10 - 0 ! 1 file changed, 16 insertions(+), 10 deletions(-)	[patch] fix: files_tmp_content may sometimes lack complete content

1