A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
That’s the essence of the CVE-2021-23017 that was published on May 25. I patched NGINX Extended few days later for
hirsute will join the builds eventually.
Additionally there was a minor bugfix release for ModSecurity, v1.0.2. It’s now also available in the PPA.