261526 – security/modsecurity3: Update to 3.0.6

Bug 261526 - security/modsecurity3: Update to 3.0.6

Summary: security/modsecurity3: Update to 3.0.6

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Ryan Steinmetz

URL:	https://github.com/SpiderLabs/ModSecu...
Keywords:	needs-patch, security

Depends on:
Blocks:

Reported:	2022-01-27 21:09 UTC by Rafael Grether
Modified:	2022-07-30 06:57 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	koobs: merge-quarterly?

Attachments
PATCH update security/modsecurity3 to 3.0.6 (1.85 KB, patch) 2022-03-15 20:43 UTC, Rafael Grether	devnull: maintainer-approval? (marius.halden)	Details \| Diff
vuXML entry (1.03 KB, application/xml) 2022-03-15 21:12 UTC, Rafael Grether	no flags	Details
VuXML Entry (1.36 KB, patch) 2022-03-24 21:26 UTC, Rafael Grether	devnull: maintainer-approval?	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rafael Grether 2022-01-27 21:09:15 UTC

Please update modsecurity3 to 3.0.6
There is a security issue involved: possible DoS issue.

Thanks

Comment 1 Rafael Grether 2022-03-15 20:43:19 UTC

Created attachment 232476 [details]
PATCH update security/modsecurity3 to 3.0.6

Applied a patch.

This patch is about security fixes, possible DoS issue related in CVE-2021-42717.

It took me a while to release due to testing on apache and nginx servers.

It has no reverse dependencies, but it has been tested with modsecurity3-apache and modsecurity3-nginx, a connector to communicate with apache and nginx servers.

Comment 2 Rafael Grether 2022-03-15 21:12:38 UTC

Created attachment 232477 [details]
vuXML entry

vuXML entry added, CVE related: CVE-2021-42717

Comment 3 Kubilay Kocak freebsd_committer

2022-03-24 00:28:12 UTC

@Rafael Please update the vuxml change to be a diff against the security/vuxml port. You can run `make newentry` to create a new entry template that you can then edit, and save. Once saved, you can test the syntax by running `make validate` (which will need some tools installed)

@Maintainer (Marius) Please set the maintainer-approval flag to + if you approve the patch. Attachment -> Details -> Set maintainer-approval flag (to +)

Comment 4 Kubilay Kocak freebsd_committer

2022-03-24 00:32:08 UTC

Comment on attachment 232477 [details]
vuXML entry

This needs to be a diff against security/vuxml after `make newentry`

Comment 5 Rafael Grether 2022-03-24 21:26:15 UTC

Created attachment 232683 [details]
VuXML Entry

Added a diff against Vuxml entry.
@MARIUS, please rate and approve the patches.

Comment 6 Rafael Grether 2022-07-26 15:57:09 UTC

@MAINTAINER timeout.

Comment 7 Jochen Neumeister freebsd_committer

2022-07-26 16:09:28 UTC

i will have a look the next days :)

Comment 8 Jochen Neumeister freebsd_committer

2022-07-30 06:57:13 UTC

modsecurity3 was already updated by Ryan on 12.4.2022:

https://cgit.freebsd.org/ports/commit/?id=6a77785b5b66e793783b3f04109aa54e44bb7ce8