Bug#1035377: marked as done (unblock: libapache2-mod-auth-openidc/2.4.12.3-2)

Mon, 22 May 2023 00:18:14 -0700 

Your message dated Mon, 22 May 2023 09:08:25 +0200
with message-id <[email protected]>
and subject line Re: Bug#1035377: unblock: 
libapache2-mod-auth-openidc/2.4.12.3-2
has caused the Debian Bug report #1035377,
regarding unblock: libapache2-mod-auth-openidc/2.4.12.3-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1035377: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035377
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:libapache2-mod-auth-openidc

Please unblock package libapache2-mod-auth-openidc

Fixes CVE-2023-28625 "segfault DoS when OIDCStripCookies is set".

[ Reason ]
Fixes #1033916 by fixing CVE-2023-28625.

[ Impact ]
The CVE with  Base Score:  7.5 HIGH
Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
would persist in the new stable release.

[ Tests ]
The patch has been verified by upstream and I have successfully
tested the new package version in our infrastructure.

[ Risks ]
The newly added patch changes just two lines by adding a
null pointer check. I don't see anything getting worse by
that.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock libapache2-mod-auth-openidc/2.4.12.3-2

--- End Message ---
--- Begin Message --- 
Dear Paul,

On 03.05.23 19:55, Paul Gevers wrote:
Are you asking for aging, or did you miss the point that you didn't need to request an unblock? 

I'm sorry, but exactly that has been the case. @(

Sorry about that!

--
Moritz Schlarb
Unix und Cloud
Zentrum für Datenverarbeitung
Johannes Gutenberg-Universität Mainz

OpenPGP-Fingerprint: DF01 2247 BFC6
 5501 AFF2 8445 0C24 B841 C7DD BAAF

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---

Reply via email to