To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Jochen Neumeister
Subject: git: 957b9a9920d3 - main - security/vuxml: Add modsecurity3 vulnerabilities
Date: Mon, 04 May 2026 16:51:32 +0000

The branch main has been updated by joneum:

URL: https://cgit.FreeBSD.org/ports/commit/?id=957b9a9920d3e54e25809f7f77ab35cef1d24996

commit 957b9a9920d3e54e25809f7f77ab35cef1d24996
Author:     Jochen Neumeister
AuthorDate: 2026-05-04 16:50:01 +0000
Commit:     Jochen Neumeister
CommitDate: 2026-05-04 16:51:04 +0000

    security/vuxml: Add modsecurity3 vulnerabilities

    Document CVE-2026-42268 and CVE-2026-30923 in modsecurity3 before 3.0.15.

    PR:             294932
    Sponsored by:   Netzkommune GmbH
---
 security/vuxml/vuln/2026.xml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index ebcd5c8d39eb..885ac4e3d1a9 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,36 @@ + + modsecurity3 -- multiple vulnerabilities + + + modsecurity3 + 3.0.15 + + + + +

+ ModSecurity is an open source web application firewall engine. +

+

+ According to the upstream changelog, multiple vulnerabilities have been fixed. +

+
    +
  • CVE-2026-42268: unsigned integer underflow in verify operators
  • +
  • CVE-2026-30923: buffer overflow in hex_decode
  • +
+ +
+ + CVE-2026-42268 + CVE-2026-30923 + https://github.com/owasp-modsecurity/ModSecurity/blob/v3.0.15/CHANGES + + + 2026-04-28 + 2026-05-04 + +
+ Mozilla -- Memory safety bugs
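Review bot: The description in the new modsecurity3 entry names only the bug class for each CVE ("unsigned integer underflow in verify operators", "buffer overflow in hex_decode") and gives no impact or trigger condition, so someone reading pkg audit output cannot tell whether this is a crash or memory corruption, or whether it is reached from request data or only from rule files. If the upstream CHANGES entry or the CVE records say, add one sentence per CVE stating that; the summary line "multiple vulnerabilities have been fixed" carries no triage information on its own. The only reference URL is the whole CHANGES file at the v3.0.15 tag; per-issue advisory or commit links, if upstream published them, would make the entry easier to verify.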