Bug#1064183: libapache2-mod-auth-openidc: CVE-2024-24814

2024-04-18 Thread Moritz Muehlenhoff
On Thu, Apr 18, 2024 at 02:40:41PM +0200, Moritz Schlarb wrote: > Dear Salvatore, > > I've prepared, built, tested and uploaded fixed versions for bullseye > (2.4.9.4-0+deb11u4), bookworm (2.4.12.3-2+deb12u1) and trixie (2.4.15.7-1). > > Would you like to issue a DSA for them or is it enough

Bug#1064183: libapache2-mod-auth-openidc: CVE-2024-24814

2024-04-18 Thread Moritz Schlarb
Dear Salvatore, I've prepared, built, tested and uploaded fixed versions for bullseye (2.4.9.4-0+deb11u4), bookworm (2.4.12.3-2+deb12u1) and trixie (2.4.15.7-1). Would you like to issue a DSA for them or is it enough that they are included in the next stable point release? Regards, Moritz

Bug#1064183: libapache2-mod-auth-openidc: CVE-2024-24814

2024-02-17 Thread Salvatore Bonaccorso
Source: libapache2-mod-auth-openidc Version: 2.4.15.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libapache2-mod-auth-openidc. CVE-2024-24814[0]: | mod_auth_openidc is an OpenID Certified™