-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 23 Aug 2018 20:03:02 +0200 Source: libapache2-mod-auth-openidc Binary: libapache2-mod-auth-openidc Architecture: source amd64 Version: 1.6.0-1+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Hans Zandbelt <hzandbelt@pingidentity.com> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache Changes: libapache2-mod-auth-openidc (1.6.0-1+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-1010247 The OIDCRedirectURI page contains generated JavaScript code that uses a poll parameter as a string variable, thus might contain additional JavaScript code. This might result in Criss-Site Scripting (XSS) Checksums-Sha1: 8d08d1ea28ec87df13702d77684d8d6e5570357b 2177 libapache2-mod-auth-openidc_1.6.0-1+deb8u1.dsc 3cf9595a5cdc3d1a9edbf64d304c5ac8ea2b305d 142612 libapache2-mod-auth-openidc_1.6.0.orig.tar.gz 028319147b64d50f1a9a8c34fdd659859f225dff 3824 libapache2-mod-auth-openidc_1.6.0-1+deb8u1.debian.tar.xz d452759132639ba90cbd6f9bdd7639ee026ef6c1 87522 libapache2-mod-auth-openidc_1.6.0-1+deb8u1_amd64.deb Checksums-Sha256: 17136bb654a4d94660c32beb985142164ec3e0ebf0649f031b8d1c443ca839f8 2177 libapache2-mod-auth-openidc_1.6.0-1+deb8u1.dsc c8fa6e746726a35c444eb06825336edb08e5754288fda7cbfb2d3888a6ecad7e 142612 libapache2-mod-auth-openidc_1.6.0.orig.tar.gz 1a92c84a5902e309798633311d9ab6026d07b06f76e2613b66050dd1278b300d 3824 libapache2-mod-auth-openidc_1.6.0-1+deb8u1.debian.tar.xz 10bfe2fbefcbdfaa16164113ebd5b471dc7679df6c49a1d5fe306ddf1085887e 87522 libapache2-mod-auth-openidc_1.6.0-1+deb8u1_amd64.deb Files: 468ec89276504b97a3aa862a4e5f8f38 2177 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u1.dsc e4d50b79562f6726586264b15f1439fd 142612 web extra libapache2-mod-auth-openidc_1.6.0.orig.tar.gz 0f558c80a115a6ea2f885cf732baf815 3824 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u1.debian.tar.xz 19b061c2f9e1df27aa5d46692beaeb26 87522 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl1gO8JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR2KLEAC6fyYFwsqCfcMT7exMltRl6E0nlJW8 IJqpEjv9dm4LUSr29vRJFDOzJKoLZCFgmh9IQzW7d9WEWY4YRyYsaGOM5okgxvjq 1LEHksNL2xUiECplKvYXVmQKPNKmpa/kyEC7i/bdgC+VUZBK1Q4N15TVhbFwOiJb uZZbcitJIpzs+H34PQlUXYPnxzNlMsFgSkCbtn7Fvy5h3VGuTt+pfrpYh1hQdBST ek1jIlx8SeveYxxxPxKGbm/A8xVXhqqHju+lj9iOnekw9TEWQHPC3mMlhw127IBM cdl7EICeWaHsWjXIxzK5GJpmCPAQGlNiPoj+6iXqVGKIQgB4WRp8BgHR14v4G5+G k15opN7LL/K8mGXB5cEep+j+tFwG8iCinP7EUVBINxWYlF4YG+eC0oY2zTxxan/V F0qKzRA7t9/SqRPEm33uErPdtFa1gz4qhfO3NSpEn3l8HBL6Ick5j5HSvFJlei5d JJur8Fp2N8PBG1hsEKrB7xnUq66wqskrKUmRHwvn+BReqnybXtX1W42MCQEmsZaA SMQ163W5FsFmLyCZGxEXLayMVbJE1v26ESTMXW2FrZv9grXB9o9Ia1/TcD3pot2I 7qXwztTYyWXlggk+yo030Z5KP+u8t3MTgXsgvvdOjAHBW9JkH7hvWEEPlgTlwJ5Z T++/Q1PrOlahbg== =+Bzu -----END PGP SIGNATURE-----
