Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Frank Vanbever <frank.vanbever@mind.be>
To: buildroot@buildroot.org, peter@korsgaard.com
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>,
	Yann Morin <yann.morin.1998@free.fr>
Subject: Re: [Buildroot] [PATCH 1/1] package/libmodsecurity: bump to version 3.0.8
Date: Thu, 23 Feb 2023 16:01:41 +0100	[thread overview]
Message-ID: <2902185.e9J7NaK4W3@wintermute> (raw)
In-Reply-To: <20230115173240.81077-1-fontaine.fabrice@gmail.com>

Hi all,

Any version of libmodsecurity < 3.0.8 is affected by CVE-2022-48279 [1] so this 
bump is also relevant for 2022.11.x (3.0.7) and 2022.02.x (3.0.6)

I originally backported the fix from 3.0.8 to 3.0.7 and it comes in at just 
under 1MB. This rightfully triggered a quarantine in the mailing list and is a 
pretty good sign that a version bump might be a better course of action here.

Best regards,
Frank

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-48279

On zondag 15 januari 2023 18:32:40 CET Fabrice Fontaine wrote:
> https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/libmodsecurity/libmodsecurity.hash | 4 ++--
>  package/libmodsecurity/libmodsecurity.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/libmodsecurity/libmodsecurity.hash
> b/package/libmodsecurity/libmodsecurity.hash index 087157d162..7ba0ef7f18
> 100644
> --- a/package/libmodsecurity/libmodsecurity.hash
> +++ b/package/libmodsecurity/libmodsecurity.hash
> @@ -1,4 +1,4 @@
> -# From
> https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.7/modsecur
> ity-v3.0.7.tar.gz.sha256 -sha256 
> cfd8b7e7e6a0e9ca4e19b9adeb07594ba75eba16a66da5e9b0974c0117c21a34 
> modsecurity-v3.0.7.tar.gz +# From
> https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecur
> ity-v3.0.8.tar.gz.sha256 +sha256 
> e241c89b3cd7e58a863d0d0d6b9b8ba4d33ffb0f51171044c258c62e3e7956c7 
> modsecurity-v3.0.8.tar.gz # Localy calculated
>  sha256  c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 
> LICENSE diff --git a/package/libmodsecurity/libmodsecurity.mk
> b/package/libmodsecurity/libmodsecurity.mk index 916ba8fbcb..e83fda895f
> 100644
> --- a/package/libmodsecurity/libmodsecurity.mk
> +++ b/package/libmodsecurity/libmodsecurity.mk
> @@ -4,7 +4,7 @@
>  #
>  ###########################################################################
> #####
> 
> -LIBMODSECURITY_VERSION = 3.0.7
> +LIBMODSECURITY_VERSION = 3.0.8
>  LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
>  LIBMODSECURITY_SITE =
> https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURI
> TY_VERSION) LIBMODSECURITY_INSTALL_STAGING = YES




_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

      parent reply	other threads:[~2023-02-23 15:02 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-15 17:32 [Buildroot] [PATCH 1/1] package/libmodsecurity: bump to version 3.0.8 Fabrice Fontaine
2023-01-27 12:46 ` Peter Korsgaard
2023-02-23 15:01 ` Frank Vanbever [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2902185.e9J7NaK4W3@wintermute \
    --to=frank.vanbever@mind.be \
    --cc=buildroot@buildroot.org \
    --cc=fontaine.fabrice@gmail.com \
    --cc=peter@korsgaard.com \
    --cc=yann.morin.1998@free.fr \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox