Hello Markus, There isn't any open vulnerabilities in libapache2-mod-auth-openidc. Last one was announced in DLA-1996-1. Any particular reason for keeping it in dla-needed.txt. --abhijith