
Accepted libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4 (source) into oldstable-proposed-updates




Format: 1.8
Date: Thu, 18 Apr 2024 14:27:26 +0200
Source: libapache2-mod-auth-openidc
Architecture: source
Version: 2.4.9.4-0+deb11u4
Distribution: bullseye
Urgency: high
Maintainer: Moritz Schlarb <schlarbm@uni-mainz.de>
Changed-By: Moritz Schlarb <schlarbm@uni-mainz.de>
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.9.4-0+deb11u4) bullseye; urgency=high
 .
   * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks
     cookie value made the server vulnerable to a Denial of Service (DoS)
     attack. If an attacker manipulated the value of the OpenIDC cookie to a
     very large integer like 99999999, the server struggled with the request for
     a long time and finally returned a 500 error. Making a few requests of this
     kind caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash with
     minimal effort. (Closes: #1064183)
Checksums-Sha1:
 59075b190efed8b5b0acc91beb6719f72950f871 2560 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4.dsc
 c2547eb068c4cf808254e22084bf38863ed65927 8180 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4.debian.tar.xz
 5b57962345ba44d775627aa58e67c23270996c32 8775 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4_amd64.buildinfo
Checksums-Sha256:
 fdfdf2d1e8f29d9aeecc447f752f9d6c8fd197a17f41e9928bb0c9520cbc6095 2560 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4.dsc
 e180e64cb72b19bbb55a9b17ee6c9b6157b6ee79b0e38fee4f3af08be0de9656 8180 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4.debian.tar.xz
 7163bc3c51b761633c1dee6881d715342daad6817f4afad1c9d7093765ada122 8775 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4_amd64.buildinfo
Files:
 db3f551e27cc7eb67b79ae17934e027b 2560 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4.dsc
 e6225a8e4af69e90ca7ed50d884358a6 8180 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4.debian.tar.xz
 645b146646668d77485825efad8fcb2a 8775 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u4_amd64.buildinfo
