NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0876da5ea1
kumquat-buildroot/package/modsecurity2/modsecurity2.hash
Fabrice Fontaine 458617f635 package/modsecurity2: security bump to version 2.9.5 
- Fix CVE-2021-42717: ModSecurity 3.x through 3.0.5 mishandles
  excessively nested JSON objects. Crafted JSON objects with nesting
  tens-of-thousands deep could result in the web server being unable to
  service legitimate requests. Even a moderately large (e.g., 300KB)
  HTTP request can occupy one of the limited NGINX worker processes for
  minutes and consume almost all of the available CPU on the machine.
  Modsecurity 2 is similarly vulnerable: the affected versions include
  2.8.0 through 2.9.4.
- Use official tarball and so drop autoreconf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-12-17 22:50:25 +01:00

6 lines
307 B
Plaintext
Raw Blame History

# From https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.5/modsecurity-2.9.5.tar.gz.sha256
sha256 e2bfc8cd8b8de1e21f054d310543373ea5d89adbd96784e832be0da3e4dc149e modsecurity-2.9.5.tar.gz
# Locally computed
sha256 2c564f5a67e49e74c80e5a7dcacd1904e7408f1fd6a95218b38c04f012d94cb9 LICENSE
Reference in New Issue View Git Blame Copy Permalink