Created attachment 248170
Patch

The attached patch updates modsecurity3 to version 3.0.12.
- Fixes the security vulnerability CVE 2024-1019 (https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.12)
Unfortunately, the ticket has been lying around almost unprocessed for a month now. Is there a reason for this? Have I forgotten something, for example?
Hi,
While it's not a requirement, it usually reduces the time to process reports by quite a bit if you can do build test(s) using Poudriere. Also, include relevant information, such as whether it is run-tested and, if so, the OS version, arch and relevant software and their version(s).
Best regards,
Daniel
Hi Daniel,
Thank you for your answer. The build test with Poudriere was successful. We have been using the new version productively since 05.02.2024.
OS: 14.0-RELEASE-p5
Arch: amd64
Best regards,
Wolfgang
Created attachment 249182
Poudriere build
(In reply to Wolfgang Gerlach from comment #4)
Thanks for the patch. I'll work on it tomorrow. It's enough to mention the poudriere builds you did, please do not attach the build logs. Reason: It bloats the bugzilla database.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e1d28513d03190ae18df0041926d23828e8ec760

commit e1d28513d03190ae18df0041926d23828e8ec760
Author:     Wolfgang Gerlach <wolfgang.gerlach@proton.me>
AuthorDate: 2024-03-16 13:16:09 +0000
Commit:     Kurt Jaeger <pi@FreeBSD.org>
CommitDate: 2024-03-16 13:16:09 +0000

    security/modsecurity3: update 3.0.8 -> 3.0.12

    - Trustwave transferred ModSecurity custodianship to OWASP
      effective January 25, 2024
    - Fixes CVE 2024-1019

    PR: 276817
    Changes: https://github.com/owasp-modsecurity/ModSecurity/releases

 security/modsecurity3/Makefile | 4 ++--
 security/modsecurity3/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
Committed, thanks!