Debian Package Tracker

From: Thijs Kinkhorst <thijs@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libapache2-mod-auth-mellon 0.14.2-1 (source amd64) into unstable
Date: Fri, 22 Mar 2019 12:34:15 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Mar 2019 12:10:11 +0000
Source: libapache2-mod-auth-mellon
Binary: libapache2-mod-auth-mellon libapache2-mod-auth-mellon-dbgsym
Architecture: source amd64
Version: 0.14.2-1
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache
Closes: 925197
Changes:
 libapache2-mod-auth-mellon (0.14.2-1) unstable; urgency=high
 .
   * New upstream security release. (closes: #925197)
     - Auth bypass when used with reverse proxy [CVE-2019-3878]
     - Open redirect vulnerability in logout [CVE-2019-3877]
Checksums-Sha1:
 d138d45c4fc837fff4a5488ccfff2d5f80413af7 1747 libapache2-mod-auth-mellon_0.14.2-1.dsc
 35d4359487fb97e9982b501ef3581b49bf985888 950737 libapache2-mod-auth-mellon_0.14.2.orig.tar.gz
 45289bbf501cc47dff7d09dea0377cca549b9df3 3572 libapache2-mod-auth-mellon_0.14.2-1.debian.tar.xz
 5420e94d83f4293a7fd7059f4f8910e4ec66cb4f 206796 libapache2-mod-auth-mellon-dbgsym_0.14.2-1_amd64.deb
 dfb9b0135c1990210ecfc4f81e4280a09c8ebc24 8332 libapache2-mod-auth-mellon_0.14.2-1_amd64.buildinfo
 2edeee35f48286c3428b4f3caed6f87ed272de5d 70108 libapache2-mod-auth-mellon_0.14.2-1_amd64.deb
Checksums-Sha256:
 1be454a1ed199dd86bf8cf130fd68e521d0ad435d8fc3a8ad2ce319ce98ba291 1747 libapache2-mod-auth-mellon_0.14.2-1.dsc
 8290ba57394fb7c551b9902c32bded8711f9656e2d36e351618b952f2c162afc 950737 libapache2-mod-auth-mellon_0.14.2.orig.tar.gz
 6fd03dd75d7e101eb1b6b4898d7c089e5c7eef8bf2ceb2dfd5b011faea744ae7 3572 libapache2-mod-auth-mellon_0.14.2-1.debian.tar.xz
 6b2e90009a41bfdff34309cca6a79b1a2c54f543412a196bf7515c440b5cc229 206796 libapache2-mod-auth-mellon-dbgsym_0.14.2-1_amd64.deb
 53602e91c3fbf920c0c9182e8259fb02fed6497d1eead3f648e11d4e69cb2256 8332 libapache2-mod-auth-mellon_0.14.2-1_amd64.buildinfo
 66e387c7676a245f98820aee45af8bb1f995d43e225cba66bb697fc0b4d62f3e 70108 libapache2-mod-auth-mellon_0.14.2-1_amd64.deb
Files:
 8daf82c08820a33a313bfc46a6469271 1747 web optional libapache2-mod-auth-mellon_0.14.2-1.dsc
 0fe222274967a0db57cd86a03b915a6f 950737 web optional libapache2-mod-auth-mellon_0.14.2.orig.tar.gz
 c29305435c13a6ddc7103a8502ad11e7 3572 web optional libapache2-mod-auth-mellon_0.14.2-1.debian.tar.xz
 58660659478579d4b1202dce34fddf3f 206796 debug optional libapache2-mod-auth-mellon-dbgsym_0.14.2-1_amd64.deb
 bf41b1c926ee607d48cc2e1545d293a5 8332 web optional libapache2-mod-auth-mellon_0.14.2-1_amd64.buildinfo
 de27ef261925be517d5baa5d92ca7d25 70108 web optional libapache2-mod-auth-mellon_0.14.2-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQFFBAEBCAAvFiEEeANVtepr/II1qZxLVvYaeUAdrAQFAlyU0lURHHRoaWpzQGRl
Ymlhbi5vcmcACgkQVvYaeUAdrARatgf/Z2JpVjcSsHn6P/itsgVyIzeDH5nGa+VK
S1Qaw5HhRrStxDIV1wLxm2maRQC7K5rF9KnG12cmRlP1pfijWKSSUt98bpbMDw1I
mmc8XzBFohYZ7uoTQwSuLjlCSEpSpJi+cp3i6VLc8bPKp1UPMbPs9eYtH/x+ayb3
sCdCnAlMzOkYqIUuTEcL82Yoy1tSlvXhsARA/r5bS/4dEaGwZm9AiF7h2TO/UMg3
k5adlqnLirHaFlWmJ4+2HL4cg6+7+LijVK5Gv/QMCzuJKJH2HI4aHk3Y7JqIGHFh
86IgofHe3C2dYI4wM6Wo7AA9DNx9qLUdrOcWZBSE+SSnBB57QU1uWg==
=pJFx
-----END PGP SIGNATURE-----
News for package libapache2-mod-auth-mellon
