package/libmodsecurity: security bump to version 3.0.9 (f6f9b093) · Commits · SystemReady / firmware-build / Buildroot

Commit f6f9b093 authored Apr 28, 2023 by Frank Vanbever Committed by Peter Korsgaard Aug 31, 2023

package/libmodsecurity: security bump to version 3.0.9

Fixes the following security issue:
- CVE-2023-28882: Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows
  a denial of service (worker crash and unresponsiveness) because some inputs
  cause a segfault in the Transaction class for some configurations.

  https://security-tracker.debian.org/tracker/CVE-2023-28882



- Drop 0003-Revert-Fix-maxminddb-link-on-FreeBSD.patch, handling of libmaxminddb
  was fixed upstream in d2b700d
- Drop 0004-build-pcre.m4-fix-build-without-pcre.patch, handling of PCRE was
  fixed upstream in 791964a

Signed-off-by: Frank Vanbever <frank.vanbever@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a1e0e727)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 63dc6f6d

Hide whitespace changes

Inline Side-by-side

Please register or to comment