Format: 1.8
Date: Thu, 18 Apr 2024 13:46:00 +0200
Source: libapache2-mod-auth-openidc
Architecture: source
Version: 2.4.15.7-1
Distribution: unstable
Urgency: medium
Maintainer: Moritz Schlarb <schlarbm@uni-mainz.de>
Changed-By: Moritz Schlarb <schlarbm@uni-mainz.de>
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.15.7-1) unstable; urgency=medium
 .
   [ Hans Zandbelt ]
   * update to OpenIDC Github repository/organization
 .
   [ Moritz Schlarb ]
   * Bump Standards-Version
   * New upstream version 2.4.15.7
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server
     vulnerable to a Denial of Service (DoS) attack. If an attacker
     manipulated the value of the OpenIDC cookie to a very large integer
     like 99999999, the server struggled with the request for a long time
     and finally returned a 500 error. Making a few requests of this kind
     caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash
     with minimal effort.
     (Closes: #1064183)