• Bug#1107196: marked as done (modsecurity-apache: CVE-2025-48866) (2/2)

    From Debian Bug Tracking System@1:229/2 to Debian FTP Masters on Tue Jun 3 18:10:02 2025
    [continued from previous message]

    by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
    (Exim 4.94.2)
    (envelope-from <carnil@debian.org>)
    id 1uMU2V-0034J4-Lr; Tue, 03 Jun 2025 15:58:58 +0000
    Received: by eldamar.lan (Postfix, from userid 1000)
    id 8D3E2BE2DE0; Tue, 03 Jun 2025 17:58:57 +0200 (CEST)
    Date: Tue, 3 Jun 2025 17:58:57 +0200
    From: Salvatore Bonaccorso <carnil@debian.org>
    To: Ervin Hegedus <airween@gmail.com>,
    Alberto Gonzalez Iniesta <agi@debian.org>
    Cc: 1107196@bugs.debian.org, 1107196-done@bugs.debian.org
    Subject: Re: Accepted modsecurity-apache 2.9.10-1 (source) into unstable
    Message-ID: <aD8bwUs-gryZzbeZ@eldamar.lan>
    References: <E1uMTPH-0003kz-9e@fasolo.debian.org>
    MIME-Version: 1.0
    Content-Type: text/plain; charset=iso-8859-1
    Content-Disposition: inline
    Content-Transfer-Encoding: 8bit
    In-Reply-To: <E1uMTPH-0003kz-9e@fasolo.debian.org>
    X-Debian-User: carnil

    Source: modsecurity-apache
    Source-Version: 2.9.10-1

    On Tue, Jun 03, 2025 at 03:18:27PM +0000, Debian FTP Masters wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Mon, 02 Jun 2025 21:43:53 +0200
    Source: modsecurity-apache
    Architecture: source
    Version: 2.9.10-1
    Distribution: unstable
    Urgency: medium
    Maintainer: Ervin Hegedus <airween@gmail.com>
    Changed-By: Ervin Hegedüs <airween@gmail.com>
    Changes:
    modsecurity-apache (2.9.10-1) unstable; urgency=medium
    .
    [ Ervin Hegedüs ]
    * New upstream version 2.9.10
    * Fixes CVE-2025-48866



    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Debian Bug Tracking System@1:229/2 to All on Wed Jun 11 20:50:02 2025
    [continued from previous message]

    Received: from dak by fasolo.debian.org with local (Exim 4.94.2)
    (envelope-from <envelope@ftp-master.debian.org>)
    id 1uPQTf-002k37-KW; Wed, 11 Jun 2025 18:47:11 +0000
    From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
    Reply-To: =?utf-8?q?Ervin_Heged=C3=BCs?= <airween@gmail.com>
    To: 1107196-close@bugs.debian.org
    X-DAK: dak process-policy
    X-Debian: DAK
    X-Debian-Package: modsecurity-apache
    Debian: DAK
    Debian-Changes: modsecurity-apache_2.9.7-1+deb12u1_source.changes
    Debian-Source: modsecurity-apache
    Debian-Version: 2.9.7-1+deb12u1
    Debian-Architecture: source
    Debian-Suite: proposed-updates
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1107196: fixed in modsecurity-apache 2.9.7-1+deb12u1
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============5399522724674419165=="
    Message-Id: <E1uPQTf-002k37-KW@fasolo.debian.org>
    Date: Wed, 11 Jun 2025 18:47:11 +0000

    --===============5399522724674419165==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: modsecurity-apache
    Source-Version: 2.9.7-1+deb12u1
    Done: Ervin Hegedüs <airween@gmail.com>

    We believe that the bug you reported is fixed in the latest version of modsecurity-apache, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to 1107196@bugs.debian.org,
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Ervin Hegedüs <airween@gmail.com> (supplier of updated modsecurity-apache package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 03 Jun 2025 14:03:05 +0200
    Source: modsecurity-apache
    Architecture: source
    Version: 2.9.7-1+deb12u1
    Distribution: bookworm-security
    Urgency: medium
    Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org>
    Changed-By: Ervin Hegedüs <airween@gmail.com>
    Closes: 1106286 1107196
    Changes:
    modsecurity-apache (2.9.7-1+deb12u1) bookworm-security; urgency=medium
    .
    * Fix CVE-2025-47947: Added d/patches/cve-2025-47947.patch
    (Closes: #1106286)
    * Fix CVE-2025-48866: Added d/patches/cve-2025-48866.patch
    (Closes: #1107196)



    --===============5399522724674419165==--
