Accepted libapache2-mod-auth-openidc 2.1.6-1+deb9u1 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libapache2-mod-auth-openidc 2.1.6-1+deb9u1 (source amd64) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 29 Jul 2020 14:40:13 +0000
Message-id: <[🔎] E1k0nFd-0004FZ-2U@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Jul 2020 21:03:02 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc
Architecture: source amd64
Version: 2.1.6-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Hans Zandbelt <hzandbelt@pingidentity.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache
Changes:
 libapache2-mod-auth-openidc (2.1.6-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-1010247
     The OIDCRedirectURI page contains generated JavaScript code that
     uses a poll parameter as a string variable, thus might contain
     additional JavaScript code.
     This might result in Cross-Site Scripting (XSS)
   * CVE-2019-20479
     Insufficient validatation of URLs leads to an Open Redirect vulnerability
     for URLs beginning with a slash and backslash.
   * CVE-2019-14857
     Insufficient validatation of URLs leads to an Open Redirect vulnerability.
     An attacker may trick a victim into providing credentials for an OpenID
     provider by forwarding the request to an illegitimate website.
Checksums-Sha1:
 1c8b5ac54df7b0689bd14fd000cfa1002da5d96d 2753 libapache2-mod-auth-openidc_2.1.6-1+deb9u1.dsc
 d23578cbbe6534e0c7b66d90a5044416fbf9b6ed 207675 libapache2-mod-auth-openidc_2.1.6.orig.tar.gz
 f053324a947f7b9974ba4d328e6b35b76c5b1911 8744 libapache2-mod-auth-openidc_2.1.6-1+deb9u1.debian.tar.xz
 581f551ce0b7ddbc3b7a05eb471112ac3f0ef6b5 286016 libapache2-mod-auth-openidc-dbgsym_2.1.6-1+deb9u1_amd64.deb
 bdcffe3e387e08097bc3a7bb5aed5af2515dab29 8079 libapache2-mod-auth-openidc_2.1.6-1+deb9u1_amd64.buildinfo
 041472d769dc280c50f3c34abb5f3f50ba2da621 132874 libapache2-mod-auth-openidc_2.1.6-1+deb9u1_amd64.deb
Checksums-Sha256:
 f8200b2881ed8c735ffe40ae620de640871dc3b69c8c1f7671eac101f189e17d 2753 libapache2-mod-auth-openidc_2.1.6-1+deb9u1.dsc
 0319ec332f264ab73115ec1c9d04d06f886ae7771323f97254e3e77c4d165a63 207675 libapache2-mod-auth-openidc_2.1.6.orig.tar.gz
 e47a68dc98ee5fa62a0d2b917dbe3a1e085324072aa9b0f9713ba442438c5076 8744 libapache2-mod-auth-openidc_2.1.6-1+deb9u1.debian.tar.xz
 73c82997af0a12c3b740174c8ec4efe386ee0c569d60f9fda93e4b8e01a9e6ec 286016 libapache2-mod-auth-openidc-dbgsym_2.1.6-1+deb9u1_amd64.deb
 1f9819345a57f3ae5ce375572e27941e9aaa651b513b5bd7c9ea6b7657e3ee5b 8079 libapache2-mod-auth-openidc_2.1.6-1+deb9u1_amd64.buildinfo
 f9d52a5c6d76c0323bfb5b01a4b89a13782efd1e12e20123ea9562c494e2a953 132874 libapache2-mod-auth-openidc_2.1.6-1+deb9u1_amd64.deb
Files:
 9a260a247b745a97c15f5fc6540c1de1 2753 web extra libapache2-mod-auth-openidc_2.1.6-1+deb9u1.dsc
 ceb1493634e347a84642b50680abbe17 207675 web extra libapache2-mod-auth-openidc_2.1.6.orig.tar.gz
 69f37df242cd416377e60b8855e5ba78 8744 web extra libapache2-mod-auth-openidc_2.1.6-1+deb9u1.debian.tar.xz
 6a36014a805bf10312004f8875985cc9 286016 debug extra libapache2-mod-auth-openidc-dbgsym_2.1.6-1+deb9u1_amd64.deb
 35814230af6917d77d5cf9c9be842862 8079 web extra libapache2-mod-auth-openidc_2.1.6-1+deb9u1_amd64.buildinfo
 3d26dc68df155b52982c137347b90a61 132874 web extra libapache2-mod-auth-openidc_2.1.6-1+deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl8hhm5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR/zaD/9B1YQsmDEiugKBH7LL7FDCDJdd/JaV
qgu513KuCsnZON+sF/vxP9x4r/6cC0MLPvpJYkGv95NJkSG+4sk5VvV0JnAyjAwr
T0kQC7mZm5iHSPjRbW4kmzOpIsbp/Ml1Ojca5lWwNNfSYIANI6M+WAh2pVqGY2Lq
koUHiFhn+u2LJZczTCHsv0MmQj9+QIdbDX3VbFI/aii0oiQg+Gu/JyjHvBP3Sp5z
5c3m9vz/lRPDksgeG50kyF0cuUjNWHICLpCi1oJTBFRWhQiz0w+/Npl/xmo/1yuB
+GomQeBriecLuzPYV6Q+YDoQ7bnikaMWhPzuSh2vFw4U2cyE5Z/SklUYFATGJORa
Drvhhq8Le2T6UCxO3waTomRBp3u9hMy4snsTq74PEmZoiQaHehxNxFU2XVGYMpyt
1GFMAZrPELWfIIJ+pqyXJmZDgGihBYjKmCbiMSp3h0HJ2SRn9aIkQOnM9O/0P/Me
RLmfdAUARvcFRnL0Papq+Gfats34+P11b2ed3LEIaD1qjGIq7AqFPB+bHpVMI3Ed
yZMXE4EvtAefq6jI4l0Vfgnv0ceYJ0JdxVF5IY+u89PZtCSNk4bSoIGchyDDYMMR
fId4fQUX1ol2vWBomdCgZ/LgoaGOBFPGQOhdi7LXMkDPp9xQonTnKbbX/K+MSjIg
V50R7e4fjFIlew==
=o879
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted firefox-esr 68.11.0esr-1~deb9u1 (source) into oldstable
Next by Date: Accepted net-snmp 5.7.3+dfsg-1.7+deb9u2 (source all amd64) into oldstable
Previous by thread: Accepted firefox-esr 68.11.0esr-1~deb9u1 (source) into oldstable
Next by thread: Accepted net-snmp 5.7.3+dfsg-1.7+deb9u2 (source all amd64) into oldstable
Index(es):
- Date
- Thread