-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 20 Dec 2022 12:20:52 +0100 Source: libapache2-mod-auth-openidc Architecture: source Version: 2.4.9.4-0+deb11u2 Distribution: bullseye Urgency: medium Maintainer: Moritz Schlarb <schlarbm@uni-mainz.de> Changed-By: Moritz Schlarb <schlarbm@uni-mainz.de> Closes: 1026444 Changes: libapache2-mod-auth-openidc (2.4.9.4-0+deb11u2) bullseye; urgency=medium . * Backport fix for CVE-2022-23527: prevent open redirect in default setup when OIDCRedirectURLsAllowed is not configured see: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53 (Closes: #1026444) Checksums-Sha1: 5d8caa209a21c777bb88a99bbd8f83e7153a682b 2560 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2.dsc 722f61be486e52e9a28f2e8808b541b68e3615eb 6992 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2.debian.tar.xz ceb63ca3fb70c46a2a6fa2551c7b7d8510ffc783 8599 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2_amd64.buildinfo Checksums-Sha256: 760e1cfa5fd4e8346941ecb6d42db66ed7daa761b3b2e5937de1ca4a51b290e9 2560 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2.dsc 4a82333b90029003f18fe41f3be921157d0116efa1c413abb698d08b80243c85 6992 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2.debian.tar.xz ac05fd8680059bce33ae87c01affe828a0181d8c3e401fe708701dc580311ff1 8599 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2_amd64.buildinfo Files: 6dcdf43c0903512c0ba7a4202ea9c24f 2560 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2.dsc 60a2f18302b7988163a8baf090d324a1 6992 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2.debian.tar.xz e9e4667a8fcb9e59da554fcb3c4c426e 8599 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJKBAEBCgA0FiEE3wEiR7/GVQGv8oRFDCS4Qcfduq8FAmOhqVYWHHNjaGxhcmJt QHVuaS1tYWluei5kZQAKCRAMJLhBx926r4+8D/9tkLxn3jmUI5LavWzzJShn5LuG 6kFHwSubiF3n/Ll//XlvO6bjbPKkrB6V3s8hhcooipPjxQbfKxttkaCz83c86jl4 zrxrAaPrnoGkDfDlpIYCqVqs3Oz+2wr0tOTuqRtwNdTw91m2payJcEcr2QX2U8+p Vxx7Kfr8soFsF3cpMQUB6tKTm2AYXzNlK4ZTpfxBbiPxw7zDZeTVqJhHNkL+tcRL Dm8d/5JBKd8XbKy9IkvXz/TsaOQl+goVk6goqr00WOorerYHKJIoDBwas+wV1yEx FG+Ydw3XUWlPDANV0PmuPMyrVFealpoVx7++A5gG7FKR3vrj+3YWGPj7Fx3oPDYr nFT4sbcfYQX4YeiOEZ9XRcFjnbQ6GR6Fb/ZySB/jWUUnFY+AlFBhit2oPw3OQf5E 4awPpo3qSVdhoXKw+01u7NQeYUvvPmrHPNWtLFZDEY0YIAqhEM89ZRrlet2lzbdP FG1umXcybLEe9McC1O7a4qdYw7U5QNi4zFRSq39bkPxzY778uphSzK3udSIyW0di fxpDJ8Gbz2rcDU9busHYTXGpaQjVMYBeOIZK+om9NN5je4iL++WjbY66r7DlTTwg 27hjWiEhiqXD9rsm2RV9KtwLlyJX7OMjYakuVZDBltakT1BX728FrCp9Qf/Wcy+6 R+OqWhiO7TrJuEsa7w== =QSBQ -----END PGP SIGNATURE-----