Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.bugs.dist > #1291399
| From | Alberto Gonzalez Iniesta <agi@inittab.org> |
|---|---|
| Newsgroups | linux.debian.bugs.dist, linux.debian.devel.release |
| Subject | Bug#1135210: bookworm-pu: package modsecurity-crs/3.3.4-1+deb12u2 |
| Date | 2026-04-29 12:00 +0200 |
| Message-ID | <MP9S1-1fIs-1@gated-at.bofh.it> (permalink) |
| Organization | linux.* mail to news gateway |
Cross-posted to 2 groups.
[Multipart message — attachments visible in raw view] - view raw
Package: release.debian.org Severity: normal Tags: security X-Debbugs-Cc: modsecurity-crs@packages.debian.org, airween@gmail.com, Debian Security Team <team@security.debian.org> Control: affects -1 + src:modsecurity-crs User: release.debian.org@packages.debian.org Usertags: pu [ Reason ] Fix for CVE-2026-33691 [ Impact ] Bypass security rules allowing upload of files with dangerous extensions by inserting whitespace padding in the filename. [ Tests ] Fixed and tested by upstream. [ Risks ] Low risk, simple patch. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Remove whitespaces in uploaded file names before checking its file extension.
Back to linux.debian.bugs.dist | Previous | Next — Next in thread | Find similar
Bug#1135210: bookworm-pu: package modsecurity-crs/3.3.4-1+deb12u2 Alberto Gonzalez Iniesta <agi@inittab.org> - 2026-04-29 12:00 +0200
Bug#1135210: bookworm-pu: package modsecurity-crs/3.3.4-1+deb12u2 Salvatore Bonaccorso <carnil@debian.org> - 2026-04-29 13:40 +0200
Bug#1135210: bookworm-pu: package modsecurity-crs/3.3.4-1+deb12u2 Alberto Gonzalez Iniesta <agi@inittab.org> - 2026-04-29 16:30 +0200
csiph-web