The following builds have been pushed to Fedora EPEL 7 updates-testing
libmodsecurity-3.0.9-2.el7
Details about builds:
================================================================================
libmodsecurity-3.0.9-2.el7 (FEDORA-EPEL-2023-c5ad3565aa)
A library that loads/interprets rules written in the ModSecurity SecRules
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.9 after rebasing rawhide
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 27 2023 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 3.0.9-2
- Use geoip instead of libmaxminddb for EPEL 7 and 8 builds
* Sat Apr 15 2023 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 3.0.9-1
- 2828.patch: drop, included in 3.0.9
- Remove deps required for autoreconf
- Minor cosmetic change for configure
- ModSecurity_cookie_parsing_fix_303.patch: remove as not required since 3.0.4
- 0001-Fix-build-on-non-x86-arch.patch: remove as not required since 3.0.4
- modsecurity.pc: drop as is being shipped since 3.0.3
* Mon Mar 27 2023 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 3.0.8-3
- Use PCRE2 rhbz#2128321
- Use libmaxminddb instead of old GeoIP
- Migrate to SPDX identifier for License
- Change homepage
- Remove .la file for EPEL
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Oct 15 2022 Othman Madjoudj <athmane(a)fedoraproject.org> - 3.0.8-1
- Update to maintenance release 3.0.8
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Mar 30 2021 Jonathan Wakely <jwakely(a)redhat.com> - 3.0.4-4
- Rebuilt for removed libstdc++ symbol (#1937698)
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1879590 - CVE-2020-15598 libmodsecurity: specially crafted payload could
result in a DoS [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1879590
[ 2 ] Bug #1957934 - CVE-2019-25043 libmodsecurity: crafted key-value pair can lead to
DoS [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1957934
[ 3 ] Bug #2021302 - CVE-2021-35368 libmodsecurity: request body bypass via a trailing
pathname [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2021302
[ 4 ] Bug #2031843 - CVE-2021-42717 libmodsecurity: crafted JSON objects with nesting
could result in the web server being unable to service legitimate requests [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2031843
--------------------------------------------------------------------------------