| Message ID | 20230115173240.81077-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/libmodsecurity: bump to version 3.0.8 | expand |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed, thanks.
Hi all, Any version of libmodsecurity < 3.0.8 is affected by CVE-2022-48279 [1] so this bump is also relevant for 2022.11.x (3.0.7) and 2022.02.x (3.0.6) I originally backported the fix from 3.0.8 to 3.0.7 and it comes in at just under 1MB. This rightfully triggered a quarantine in the mailing list and is a pretty good sign that a version bump might be a better course of action here. Best regards, Frank [1] https://nvd.nist.gov/vuln/detail/CVE-2022-48279 On zondag 15 januari 2023 18:32:40 CET Fabrice Fontaine wrote: > https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8 > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > --- > package/libmodsecurity/libmodsecurity.hash | 4 ++-- > package/libmodsecurity/libmodsecurity.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/package/libmodsecurity/libmodsecurity.hash > b/package/libmodsecurity/libmodsecurity.hash index 087157d162..7ba0ef7f18 > 100644 > --- a/package/libmodsecurity/libmodsecurity.hash > +++ b/package/libmodsecurity/libmodsecurity.hash > @@ -1,4 +1,4 @@ > -# From > https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.7/modsecur > ity-v3.0.7.tar.gz.sha256 -sha256 > cfd8b7e7e6a0e9ca4e19b9adeb07594ba75eba16a66da5e9b0974c0117c21a34 > modsecurity-v3.0.7.tar.gz +# From > https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecur > ity-v3.0.8.tar.gz.sha256 +sha256 > e241c89b3cd7e58a863d0d0d6b9b8ba4d33ffb0f51171044c258c62e3e7956c7 > modsecurity-v3.0.8.tar.gz # Localy calculated > sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 > LICENSE diff --git a/package/libmodsecurity/libmodsecurity.mk > b/package/libmodsecurity/libmodsecurity.mk index 916ba8fbcb..e83fda895f > 100644 > --- a/package/libmodsecurity/libmodsecurity.mk > +++ b/package/libmodsecurity/libmodsecurity.mk > @@ -4,7 +4,7 @@ > # > ########################################################################### > ##### > > -LIBMODSECURITY_VERSION = 3.0.7 > +LIBMODSECURITY_VERSION = 3.0.8 > LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz > LIBMODSECURITY_SITE = > https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURI > TY_VERSION) LIBMODSECURITY_INSTALL_STAGING = YES
diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash index 087157d162..7ba0ef7f18 100644 --- a/package/libmodsecurity/libmodsecurity.hash +++ b/package/libmodsecurity/libmodsecurity.hash @@ -1,4 +1,4 @@ -# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.7/modsecurity-v3.0.7.tar.gz.sha256 -sha256 cfd8b7e7e6a0e9ca4e19b9adeb07594ba75eba16a66da5e9b0974c0117c21a34 modsecurity-v3.0.7.tar.gz +# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz.sha256 +sha256 e241c89b3cd7e58a863d0d0d6b9b8ba4d33ffb0f51171044c258c62e3e7956c7 modsecurity-v3.0.8.tar.gz # Localy calculated sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk index 916ba8fbcb..e83fda895f 100644 --- a/package/libmodsecurity/libmodsecurity.mk +++ b/package/libmodsecurity/libmodsecurity.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBMODSECURITY_VERSION = 3.0.7 +LIBMODSECURITY_VERSION = 3.0.8 LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION) LIBMODSECURITY_INSTALL_STAGING = YES
https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/libmodsecurity/libmodsecurity.hash | 4 ++-- package/libmodsecurity/libmodsecurity.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)