Back to libapache2-mod-auth-openidc PTS page

Accepted libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1 (source) into proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1 (source) into proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 22 Apr 2024 17:02:10 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_source.changes
Debian-source: libapache2-mod-auth-openidc
Debian-suite: proposed-updates
Debian-version: 2.4.12.3-2+deb12u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=F+ZSY3klnjD6UOGnEcRogwgO5zgZPzJ8eA+l5qk9ZU8=; b=ttiTnmxJAWNvep1hvd5i5svOfU qgsjYJMh5iuH2Is7EqbJ3HjsFv2IiCfhLZ3wWusHmNJaabhxMeW7Znq9hjOZzLErzvWHx3GJ6XS6L wyCuCs8w8uPTxVOjfrt1wKWgZ32OCUNKnVDURg1ec4mO1iu88xp75Gn8PmPwtXNfdOPtXjAh3uaBZ ZiVH0dor5Tg6d9EjI+7bcu0Nqqgwx/0ozY3UFdsQYsaQE5tJDkPVeaRGCG8Ucd37eIXbfcoxUUhk8 ODCmJT01okQ5ZoTV0s2tkMX1EsV/3dDW6pNKb3JqTqrJs9LAb7YO5l+6uccTDpKGw7t8gjtFL9unE pOokmKXg==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1ryx3S-0052WV-Sl@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Architecture: source
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Moritz Schlarb <schlarbm@uni-mainz.de>
Changed-By: Moritz Schlarb <schlarbm@uni-mainz.de>
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks
     cookie value made the server vulnerable to a Denial of Service (DoS)
     attack. If an attacker manipulated the value of the OpenIDC cookie to a
     very large integer like 99999999, the server struggled with the request for
     a long time and finally returned a 500 error. Making a few requests of this
     kind caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash with
     minimal effort. (Closes: #1064183)
Checksums-Sha1:
 48152d4f7c03317dc578ea4845a20c15cd315a75 2325 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1.dsc
 1c4e5d1781006ff9a29cfa350b15a776adf1cb1a 7764 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1.debian.tar.xz
 f5624c86bc0ae6c1fe0bdf90dca4d35a6455dabc 8448 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
 4f5904073b8562a7a3b982b01dd1c75c10f4b29e3d698abc9be4001fdd6e9e98 2325 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1.dsc
 2d12ef29195cc123400752e91eb61eb78d86762f22a312faff5ed7dd22db1064 7764 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1.debian.tar.xz
 2b0a6a9811ef289acdccf6a254604cba5fec1894f6986d807a2f3e0c18e25c61 8448 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_amd64.buildinfo
Files:
 fd5cc9b4e7a18f975d121d49b88d4a26 2325 httpd optional libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1.dsc
 9f0659dc1a46f0b45c6473723ed86e69 7764 httpd optional libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1.debian.tar.xz
 176fdc1870d781962f19b40ab903356b 8448 httpd optional libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJKBAEBCgA0FiEE3wEiR7/GVQGv8oRFDCS4Qcfduq8FAmYhEu0WHHNjaGxhcmJt
QHVuaS1tYWluei5kZQAKCRAMJLhBx926r6j8D/9Gopp36dLgy9ck9IG9vW3gB/qm
30/gR+smGLaEzu6Hf4YHu1qRl4Dz4LMgx3hKlG2bNAxEfzjmt56H+uWNRiiO90rz
8dAJVGVADm4M6VH6CAXeVe44YwI5Jo/9wVkzUWBANDgIXvC4+0iO7KHwM8X5tbyq
cyJQrG99X1k2BSfbpZHje3bbg1bkFVu3uOOAqWpTaWGZweVjR2Ep7o+FdnDJvA5Q
WKs0zfO7hxyHDUZYyiFqxJa4GTTYT9MWk/0BTD0qyRO8WAA20eENvoG3vkv0plUb
HLhMM0847rYXEIxKLv58ao/Y1rGmDHbAeGqhUkvIuyemdT5yYO/bmDjQ+U9K6ZFA
2qO3vaz7qipDPRgzlouEXcjEwzjNavrQ9N7zLusraXVq4TZ3SQwr3St7th7TgLjz
vd9DS63XyMu/BHAbNbxZvNBJbfS3ZeVhgjxkswq0i26XQId//KmR63B4l+llvabR
4dV73MYrH1lOOcMnfHYqxhgsWWH4dvCBmZGBZmqAVhRRj4xVcHVTfqVkj96U/N6/
ryLZUmv1MbcChzLIxegKWl9mk1bblX/mC12dUmwMP0IsT/ncJ1sF26H+Iv3wGsbi
h8s6jjG7a/cAcFtU45ze7+uwTblo/7U35Ob+LgD46K9F4swYAV1u11gHm8N/EtbX
ByktFjekB59YNfL9ag==
=D0Nz
-----END PGP SIGNATURE-----

Attachment: pgpdQXhyE3L4C.pgp
Description: PGP signature