-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u3 CVE ID : CVE-2019-20479
An issue has been found in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache.
Due to insufficient validatation of URLs an Open Redirect vulnerability for URLs beginning with a slash and backslash could be abused. For Debian 8 "Jessie", this problem has been fixed in version 1.6.0-1+deb8u3. We recommend that you upgrade your libapache2-mod-auth-openidc packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl5ail1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEcQgRAAukS74FiYCryvFVW5HLyZg/ym3KrQR5Xq/cOYmFaR47Lw7Jcu6e57O1Ig n/D7TKD/jvWsUpU6+gxnPKrdfzyKIx0LEcWS+LzG0BZjpoMdCliPZtUvjCBJv089 VHRM2Ke7+FJAWD65uMHVc6aTFWC7u8r2PybRPGQCmv8pggbnL7y6C/4MmeErXfYx ouTfb5jsfQQ4EzjLwm8TpWQL4ebh8v/jIjfmgQbjKOU55NcaexPyXQG9ns7wTFLZ NK1v/XlEJx+Wdg/vVNE4c5nT+ya40PDJAyMjxGDBEfGjfXKkv4ZkMONH5PbbIats X16+ygPK/7QuxWx9zwTw1ChCyQaY4fMnalpS73vLAJdEkoaTrTGt2LdNePBODrAh mzkizXtFEVSZ2J77hhFDhNe2y3CAY/ZuFcp6xmedJCYyac2SPIALSkEiU0WCbMqT 0Mkq1UYRSxqWI85RBWC4LdSTxvo3gSq37lXn9M7dpVWNb5vJP6KZndwcjT4MdjeW mEI843qVNNkuFq+9xfPSqKgixIAXSb3p0JvNvkkiJR5IvvJ8fLo0Vh9XWDTVx3YK XMpW7qUT+Tjtnw3HrEh7Py/beIo661CJ7UoVo2BUtiTowQ9WAeTCUm3v5x4b0SL0 y33TaIQhf2hy7OWrpXRMv3PZY94VONq/aX4zZ4si5jcIZPeijng= =QIi/ -----END PGP SIGNATURE-----
