libapache2-mod-auth-openidc in Bullseye

To: <debian-release@lists.debian.org>
Cc: "Schlarb, Moritz" <schlarbm@uni-mainz.de>
Subject: libapache2-mod-auth-openidc in Bullseye
From: Christoph Martin <martin@uni-mainz.de>
Date: Fri, 30 Jul 2021 12:25:11 +0200
Message-id: <[🔎] dd8f181f-0540-da26-fc68-5ebc1bbd7406@uni-mainz.de>

Dear Release Team,

currently the version 2.4.4.1-2 of libapache2-mod-auth-openidc is in
testing/bullseye . Some days ago four CVE security bugs were published
which are fixed in version 2.4.9 .

The fix to CVE-2021-32791 looks quite big, so that I think it is not
safe to backport it to 2.4.4.1 like the others could be.

I prefer to upload the latest upstream (2.4.9) rather than try to
backport the fixes to 2.4.4.

What do you think of this?

Regards
Christoph

https://security-tracker.debian.org/tracker/CVE-2021-32785
https://security-tracker.debian.org/tracker/CVE-2021-32786
https://security-tracker.debian.org/tracker/CVE-2021-32791
https://security-tracker.debian.org/tracker/CVE-2021-32792

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Prev by Date: Bug#991681: unblock: telegram-desktop/2.8.10+ds-1 (pre-approval)
Next by Date: Bug#991701: unblock: python-a38/0.1.3-2
Previous by thread: Bug#991681: unblock: telegram-desktop/2.8.10+ds-1 (pre-approval)
Next by thread: Bug#991701: unblock: python-a38/0.1.3-2
Index(es):
- Date
- Thread