
   linux.debian.bugs.dist      Ohh some weird Debian bug report thing      28,835 messages   


   Message 28,510 of 28,835   
   Tobias Frost to All   
   Bug#1128655: bookworm-pu: package modsec   
   22 Feb 26 11:50:01   
   
   XPost: linux.debian.devel.release   
   From: tobi@debian.org   
      
   Package: release.debian.org   
   Severity: normal   
   Tags: security   
   X-Debbugs-Cc: modsecurity-crs@packages.debian.org, Debian Security Team   
      
   Control: affects -1 + src:modsecurity-crs   
   User: release.debian.org@packages.debian.org   
   Usertags: pu   
      
   This o-s-p-u fixes CVE-2023-38199, previously uploaded to LTS and ELTS   
   to close the gap in bookworm.   
      
   I was in close contact with the maintainer (also upstream) when creating   
   the (E)LTS updates, and LTS is the same version as bookworm.   
      
   Please see attached debdiff.   
      
   The security vulnerability is a web application firewall (WAF) bypass,   
      
   [ Checklist ]   
     [x] *all* changes are documented in the d/changelog   
     [x] I reviewed all changes and I approve them   
     [x] attach debdiff against the package in (old)stable   
     [x] the issue is verified as fixed in unstable   
      
   [ Changes ]   
      
   Besides the patch for the CVE, originating at upstream, I've enabled   
   salsa-ci and also fixed a typo in the previous security upload, as the year   
   of the fixed CVE was off-by-one.   
      
   I'll be uploading the package to o-s-p-u after sending this mail.   
      
   --   
   tobi   
      
