Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package libapache2-mod-auth-openidc currently the version 2.4.4.1-2 of libapache2-mod-auth-openidc is in testing/bullseye . Some days ago four CVE security bugs were published which are fixed in version 2.4.9 . The fix to CVE-2021-32791 looks quite big, so that I think it is not safe to backport it to 2.4.4.1 like the others could be. I uploaded the latest upstream (2.4.9) rather than try to backport the fixes to 2.4.4. unblock libapache2-mod-auth-openidc/2.4.9-1 -- System Information: Debian Release: 10.10 APT prefers stable-updates APT policy: (600, 'stable-updates'), (600, 'stable'), (500, 'oldstable'), (90, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-17-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled