-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 18 Nov 2019 14:40:00 +0100 Source: libapache2-mod-auth-openidc Binary: libapache2-mod-auth-openidc Architecture: source amd64 Version: 1.6.0-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Hans Zandbelt <hzandbelt@pingidentity.com> Changed-By: Markus Koschany <apo@debian.org> Description: libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache Changes: libapache2-mod-auth-openidc (1.6.0-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-14857: A security vulnerability was found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. Insufficient validatation of URLs leads to an Open Redirect vulnerability. An attacker may trick a victim into providing credentials for an OpenID provider by forwarding the request to an illegitimate website. Checksums-Sha1: 268d70f47668001f7351cce1c9d82c378d24d421 2169 libapache2-mod-auth-openidc_1.6.0-1+deb8u2.dsc 453169ffd1f8310b0f021a08931f2ca41a93f251 5976 libapache2-mod-auth-openidc_1.6.0-1+deb8u2.debian.tar.xz 860b211e97bbef363cabf2838771324b47f66ac8 88600 libapache2-mod-auth-openidc_1.6.0-1+deb8u2_amd64.deb Checksums-Sha256: b08209d41dd19c5cffc26f24c0ccfd3363b5c0ee161e316cb80bd1fadc5cbe05 2169 libapache2-mod-auth-openidc_1.6.0-1+deb8u2.dsc 83edbec34cec31770ce3bea666b6f369dd8d42ba7942fa34fd711097db77c4ab 5976 libapache2-mod-auth-openidc_1.6.0-1+deb8u2.debian.tar.xz 4faea8405a6f8559a3c23f0509545d945229ae9af67eb723007223b7e9c49b55 88600 libapache2-mod-auth-openidc_1.6.0-1+deb8u2_amd64.deb Files: 522c3b999b373e103b0043e1d71aae80 2169 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u2.dsc 005304d4d77041f3d3df976d3e680d44 5976 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u2.debian.tar.xz 4fa41d0414141c6e6dc238f615f37348 88600 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3SoB5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkhzEP/3qANhRMDybhZIUoMT+aerDNdi72DJ7gXG5B OTKUTbDxd24NL8rsKWPxUwFMi23XH+vMxS/MPl1uiCNwaBEP7vHn5qN7AnCLIp/E IOM5zHTIYA8SjYNiBL9zllLsoYiKugozDhNR1J3Tw67ALbHwV89kCfp/Io0Hhx+l YnEaULxa1Y21SrqK9oyV/YXfavGTZrthKtGWjbQ4ZNqhz73XKt2aUY2jbA5R1NV0 BUOtJA7R1aCPYUNORoKGWpPZrXGsExjtqrXWhwu5vfDZ3E9cVkG0ssb6pQxLNNT6 zjN+27F7vpPXviuzdnQZlX50grd8e1E3nm2WBB3fUliYRW9iz9APT1HrNyTUzbCZ m37a8ulMMYClFsWYUyaQO3HybFS38b8SxD1MINThgvBTCBgIUDPrTjCoETWRDl0h +FmAMupL/5JBng4Dos84wiHaE5lFvbXl4voJ/BT7AWVGBQMFFtpScBsXzYc5s3cA Xig1jIMpK2/mWMs4D9UA0MMi5b3pkcRFzX8hG29a6JVZoT2bv8KunIiY2BXkpGJ9 lUTDIc+TT+40RlnDvEsWv08xd8BM87MTCNwC7tFma9B+kFxmuqN162fk5K9wetOW nlCyMR4ltnMsitTiei/087h/0uPiB7tX6BK0l3JNJU5j0D0vEbYNZAPr+9BOhD2a HsbJzhAA =ocab -----END PGP SIGNATURE-----