Accepted libapache2-mod-auth-openidc 2.3.10.2-1+deb10u2 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted libapache2-mod-auth-openidc 2.3.10.2-1+deb10u2 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 30 Apr 2023 20:40:23 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libapache2-mod-auth-openidc_2.3.10.2-1+deb10u2_source.changes
- Debian-source: libapache2-mod-auth-openidc
- Debian-suite: oldstable
- Debian-version: 2.3.10.2-1+deb10u2
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=/LttacV2enWkWOTNHVo+4/Pxb5kC53Sg3X5JD7FgX08=; b=u/39yjWUK+22KvKtbDPnsu1weQ 1xaZjP/PddG/lMBGgQhHdqBgu8bEY2r8bChl5gcUaCkmo9sYzhRYSk6SwT0Z9L9yZXX1JJOvcdQh2 XtIFUmSJS+Hc9nqFOYspCBetKOu+fXx/QQHtixKCMSM2Y7pNg3ijlkBLO7U+iUim4MqfpSVwKawPd 7zdCMiZB9UT8A05VV030SHq30BYzrsvY/zfnJBdHxHErrs4LX7/hGzWztE7d1zVz59SzhCLJZAJGP IT8LxoY7jtRGyn39EC0d6Sv7wqKII1Nhq1wNRG2kPKCJ07S49eNVp24DeRZRoXr1bSpLM5VCj4Fk0 4+OruIiA==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1ptDqJ-003UPV-Et@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Apr 2023 22:31:27 +0300
Source: libapache2-mod-auth-openidc
Architecture: source
Version: 2.3.10.2-1+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: Moritz Schlarb <schlarbm@uni-mainz.de>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
libapache2-mod-auth-openidc (2.3.10.2-1+deb10u2) buster-security; urgency=medium
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2019-20479: Insufficient validatation of URLs beginning with
a slash and backslash.
* CVE-2021-32785: Crash when using an unencrypted Redis cache.
* CVE-2021-32786: Open Redirect vulnerability in the logout functionality.
* CVE-2021-32791: AES GCM encryption in used static IV and AAD.
* CVE-2021-32792: XSS vulnerability when using OIDCPreservePost.
* CVE-2023-28625: NULL pointer dereference with OIDCStripCookies.
Checksums-Sha1:
5588e76fc19351e31f4d99fd12a16f729578a7be 2534 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u2.dsc
bede99318fd540076dc2e2f2f80714ae1736b0bb 263825 libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz
481efbc75e5b1e4a250c25e9b955f254ef812b57 11772 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u2.debian.tar.xz
Checksums-Sha256:
a6922e6d04d0e8db2df176e13cdf3b30a7e972233b4a30985aa76a4736c0e82a 2534 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u2.dsc
d72fd1131554225b9256a5d5f5e93ecce298ac8946c2511973ab07436902c641 263825 libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz
858641603b23c7ffb23d0321c33fe45e9085912e3c27cbe7cc7c06d76085b8ae 11772 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u2.debian.tar.xz
Files:
8c94117c2e1c35fda20724898317f376 2534 httpd optional libapache2-mod-auth-openidc_2.3.10.2-1+deb10u2.dsc
6b81eb34bfc2baecd44bb3a775d27a1d 263825 httpd optional libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz
18ac62858feb4aba8c8f61441159aca9 11772 httpd optional libapache2-mod-auth-openidc_2.3.10.2-1+deb10u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmROzzEACgkQiNJCh6LY
mLGSjRAAj9u0C01DmW8lliJiOEUd5mrwaYWPliwFGX0cjHz192iPEn4VYb/idvzo
/B6HPLlKKA23Am0kRzmVnqgTu1/TMJnY9tOuEZ3hQQHpB85GKTAB+MtKuqpA6o/s
ZPwtrO66CMzEQWg+OwCSBfZ5giiH6VvEYtl2E4+ho7DMRCXy6bLfIig3rQuULlxK
N8oR5nnS/3nr90w2d2XIxdJ7Gl7CFti7CGkohuAGNkDxFWEAJaulRQkoUPVetLEk
vf8Lb0pKz5CQg8UKmClAlaeRE44eQHI/p8q1dyR9zkrKt8YHuqOthaq4xsuTj8Ku
Ojomszx1TJXDW8EZQZY3BFcWgp4x3hACIcgJ+yF/y8ZS3+gzFqEqKD/2Ti7Xw9ff
Vx9DWvr9lruexebjABbPEqewd8/hiVeZAOTUr0g5XkRt0tnfTOlSYe7jBmtNfarp
gKcUfriDjg74MDwaTo1Xsgo3U2lOkEggbSiylJhuTUEfXLUvGSgBI2+zIf2RJ13O
QekcQc8oeJ7ys3hRO63TS8S0/eS54NMx+O8+xsiplWPJ9rlfCDUObpqkaB0mjQPo
e7UvspGsAWBPuncc1jA7lxkgfPyG5T1h8BYv2S4ulSqjkD/4qGkA9IexYwuNPlmN
oC5v/ekpDgI+w8d0dg+UR17y+MzZi8qYHKmOgVJ1WmPTDuMbgSo=
=MSoO
-----END PGP SIGNATURE-----