-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 May 2023 12:59:57 +0200 Source: libapache2-mod-auth-openidc Architecture: source Version: 2.4.9.4-0+deb11u3 Distribution: bullseye-security Urgency: high Maintainer: Moritz Schlarb <schlarbm@uni-mainz.de> Changed-By: Moritz Schlarb <schlarbm@uni-mainz.de> Closes: 1033916 Changes: libapache2-mod-auth-openidc (2.4.9.4-0+deb11u3) bullseye-security; urgency=high . * Add patch to Fix CVE-2023-28625 (Closes: #1033916) segfault DoS when OIDCStripCookies is set https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr Checksums-Sha1: cc44486f25fbf33009123780fc290fae8448eb5a 2682 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3.dsc 47f8b949552c3d32f019c5cf785c4672dc0f8aae 261544 libapache2-mod-auth-openidc_2.4.9.4.orig.tar.gz ac7ccfb5ecec4cdecd7ede4286da20991d75e256 7324 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3.debian.tar.xz 125154ef4c72cfee86e778a9f073aafbbbddec7c 7193 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3_source.buildinfo Checksums-Sha256: 268ae6b52d6e853421b63894b17f656598f1abf7ce0452be2508e47bdeaecf97 2682 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3.dsc 142ee7abd49a4c6e2a7233c9124143709e733e8e51896c4a4f4172b0ffbc4741 261544 libapache2-mod-auth-openidc_2.4.9.4.orig.tar.gz 2b593fdcd0482ef13c9523863661e46aa505ea43d92d322c737859ee5200ce28 7324 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3.debian.tar.xz b37a4779c0a9b221fe4b51cbb5dacb021c1741052f659fbb2cbdf11f1fa93d66 7193 libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3_source.buildinfo Files: 5724f4ca0708c588c01513e294455399 2682 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3.dsc 21959e96f73545012afec7201f5f46fd 261544 httpd optional libapache2-mod-auth-openidc_2.4.9.4.orig.tar.gz 95bf23311f2c90a5c443fc312ffe425a 7324 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3.debian.tar.xz c63f440fd9c611be652d00b1000fee32 7193 httpd optional libapache2-mod-auth-openidc_2.4.9.4-0+deb11u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRiiipfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EfyQQAJ2Va0RRzFK73JmcIEDw5Lr7zKPaLCjW r6Wl3z9qwaPyQAYkRPyJ9swT9vi804+jOs4WzT5TAjioIuHo1uzJhrtgXV2ENp+e BkmbBEecvkdOlBUvFkm/zPNVLm5yu9zzUKwqt6zGgbRoeKCsxHgM9FPl3t/+gx6j LbH056SNPF4fDnAcKaUFf97wLMtWpjmij5rwUcNAS5C4NhPA01Pn92Kxq26zBDpP sIU0WAHMJAxP4PH8lnmhCtXCX2DTinNAJ0Z9HnSsBFSLKLDisUWJXUa2CTm4bkoB EvSE9xpq3dy0wdNtnLr+2rbm2hvznATUS/6w4C/wX/khB9KeTsIT7ik/h+IuQqg4 pHYGuJxDGnI/5M/QP9r9e6gQF0+AOJHrkFwPNRvkKqlxQsG7L1zSH1QkVYMGZ0ns ZRiIuG49sq0jT8XE0VDxwFAHW7oPH3jaC86tgoc6wiM5CEsGNCWvm3njZbhP1CUA pWghor1kGCS+DDb0NNLUkC/HgJ/qJ5IFPs0OZHXvvHXVzxdNrsEhqsiBzuKl5mjk ecAgFtDyyJ6ICtr/nKirHkXjyMc+0Tb639B76p6blUVgfHnOkwM2L9U2QqGmc7gS IU0UCg5lzXwjFaOPpbaFJbJSmDgFdoXbZ0XP4qvGIB7m2xk3eQ5UQtLcEzMuBOob A1G0smGz4mEH =yu26 -----END PGP SIGNATURE-----