package/modsecurity2: security bump to version 2.9.7 (42e34cf1) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 42e34cf1 authored Feb 05, 2023 by Fabrice Fontaine Committed by Yann E. MORIN Feb 05, 2023

package/modsecurity2: security bump to version 2.9.7

- Fix CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads
  in ModSecurity before 2.9.7 may allow for Web Application Firewall
  bypasses and buffer overflows on the Web Application Firewall when
  executing rules that read the FILES_TMP_CONTENT collection.
- host-pkgconf is mandatory and used to find libxml2 since
  https://github.com/SpiderLabs/ModSecurity/commit/baa38ddbaf55a87afecad7a1e1760c69a2689787
- pcre2 is supported since:
  https://github.com/SpiderLabs/ModSecurity/commit/8fc0b519b7a6c023259753a21f33bf3649a25b14

https://github.com/SpiderLabs/ModSecurity/blob/v2.9.7/CHANGES



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent ae65870e

Hide whitespace changes

Inline Side-by-side

Please register or to comment