-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Feb 2020 11:03:02 +0100 Source: libapache2-mod-auth-openidc Binary: libapache2-mod-auth-openidc Architecture: source amd64 Version: 1.6.0-1+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Hans Zandbelt <hzandbelt@pingidentity.com> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache Changes: libapache2-mod-auth-openidc (1.6.0-1+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2019-20479 Insufficient validatation of URLs leads to an Open Redirect vulnerability for URLs beginning with a slash and backslash. Checksums-Sha1: e26d9bae0f1a0b75a9822917175364f19ed1ddd4 2177 libapache2-mod-auth-openidc_1.6.0-1+deb8u3.dsc 3cf9595a5cdc3d1a9edbf64d304c5ac8ea2b305d 142612 libapache2-mod-auth-openidc_1.6.0.orig.tar.gz ebc13d1b554268754d81e7de164e91d1667ffac4 6100 libapache2-mod-auth-openidc_1.6.0-1+deb8u3.debian.tar.xz 4d79d2c62ed325d538ab2638f7b6ba6b6fc1f1c3 88986 libapache2-mod-auth-openidc_1.6.0-1+deb8u3_amd64.deb Checksums-Sha256: f1666df456c6c654e977794c0f2355a595b777d0c1731d1264ba2fbbb1bebdd5 2177 libapache2-mod-auth-openidc_1.6.0-1+deb8u3.dsc c8fa6e746726a35c444eb06825336edb08e5754288fda7cbfb2d3888a6ecad7e 142612 libapache2-mod-auth-openidc_1.6.0.orig.tar.gz 59f873b529ad15dfc2adb8cd98f23576d591dfcbbd87ca19da7f4024a1b3c1e1 6100 libapache2-mod-auth-openidc_1.6.0-1+deb8u3.debian.tar.xz 85c0e9d70eebbd39544bf7419dc7dbb69cb6bf22e34adfb3a7c36a54636a8087 88986 libapache2-mod-auth-openidc_1.6.0-1+deb8u3_amd64.deb Files: 126b628f36497d61c89a8f331c468efc 2177 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u3.dsc e4d50b79562f6726586264b15f1439fd 142612 web extra libapache2-mod-auth-openidc_1.6.0.orig.tar.gz e497e489343a49a707da77fed06f3b3b 6100 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u3.debian.tar.xz 89c53b76b31e1d107c85fadd9e8b03e7 88986 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u3_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl5aRThfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR3iqEACTRo34ZyrTZ9qGUpm9Q5hC+RHZsFGu o5wM8KYBRv5npjqSQeB9D20OnVRyiteC/eA/VP22Ac0kQz1akXJ9VzhGwwDHFseC y/qU02+RFJPrgR02Be2/MuRGhugQjH2VLCnTQf5R/LZZXrPxsrd8s3LYppiGdKsW gT0YzLxr6quSKBkLbR5Z2NTc+kzd8/KlyUHMptVTeuIngL7q/xVmKExPJLpIaQe9 3AA6YKMSrlJLWp7Mq9fD4bUV+/U7K2/FfLPJiPX0fQAIG0zt7033kikAAtgW1ECN ANKTEK8NsHF6BmbS56lleWmz7fG7iCVJu/td42zyJSLUUhzhb/yeKfr04P7ViPyU e5vYdQKHDryjbWrGvEo3K4jf/hzwqqOYkiJnQ6u6iu3thFbBlzXdocUDKPJW1YiM J2Okw2/Eoot47di8d/+Jih/qcZUg7cZUaQq1lh1Vr8taaq7cZ2WwgtLCWfya0Qoq qSIm4GOKvdEKWlmIgk9fUeiFLiMrGjSkc9WLAfRQHcXTSVe/f+Up4gXs0JXhXdv4 lzTO6GwU+t/oHFlGXWgur1yhks1hbpGfAFKsJl8VzxVmJWKk1SMHI5R2TovK3+mw q+krRJ+TBqHrdamkrT5qS1w5LvQdO58YJoUBip1KwPGI2eGtUa4qDXTXJ56VIGrs 8EZH9fgJQ4C1YA== =mjbJ -----END PGP SIGNATURE-----
