Bug#945578: buster-pu: package libapache2-mod-auth-openidc/2.3.10.2-1

To: Moritz Schlarb <schlarbm@uni-mainz.de>
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 945578@bugs.debian.org
Subject: Bug#945578: buster-pu: package libapache2-mod-auth-openidc/2.3.10.2-1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Jul 2020 10:25:13 +0200
Message-id: <[🔎] 20200731082513.GA575110@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 945578@bugs.debian.org
In-reply-to: <3b187eef6b28ea901344d2089dc4ca72dc94d892.camel@adam-barratt.org.uk>
References: <157484993164.25129.4626987186182709647.reportbug@schlarb-1.zdv.Uni-Mainz.DE> <157484993164.25129.4626987186182709647.reportbug@schlarb-1.zdv.Uni-Mainz.DE> <3b187eef6b28ea901344d2089dc4ca72dc94d892.camel@adam-barratt.org.uk> <157484993164.25129.4626987186182709647.reportbug@schlarb-1.zdv.Uni-Mainz.DE>

Hi Moritz,

On Tue, Jan 28, 2020 at 10:43:25PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Wed, 2019-11-27 at 11:18 +0100, Moritz Schlarb wrote:
> > Fixes CVE-2019-14857 (Open redirect in logout url when using URLs
> > with backslashes) by improving validation of the post-logout URL
> > parameter (backported from upstream, see 
> > https://salsa.debian.org/debian/libapache2-mod-
> > auth-openidc/commit/17e31b94a71ef02d1417bee6b0ef7b7379b40375)
> > 
> 
> Please go ahead; sorry for the delay.

Friendly ping on the acknowledgement from Adam. Moritz did you
recieved it? Can you upload for the 10.6 point release?

Regards,
Salvatore

Reply to:

Prev by Date: Processed: tagging 944099
Next by Date: Bug#953614: buster-pu: package dojo/1.14.2+dfsg1-1+deb10u2
Previous by thread: Processed: tagging 944099
Next by thread: Bug#953614: buster-pu: package dojo/1.14.2+dfsg1-1+deb10u2
Index(es):
- Date
- Thread