Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6d9a6b66 by Salvatore Bonaccorso at 2025-05-07T07:35:01+02:00
Update status for CVE-2025-3891/libapache2-mod-auth-openidc
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2864,9 +2864,10 @@ CVE-2025-3911 (Recording of environment variables,
configured for running contai
CVE-2025-3910 (A flaw was found in Keycloak. The org.keycloak.authorization
package m ...)
- keycloak <itp> (bug #1088287)
CVE-2025-3891 (A flaw was found in the mod_auth_openidc module for Apache
httpd. This ...)
- - libapache2-mod-auth-openidc <unfixed> (bug #1104484)
+ - libapache2-mod-auth-openidc 2.4.14.2-1 (bug #1104484)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2361633
- TODO: check upstream status
+ NOTE:
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-x7cf-8wgv-5j86
+ NOTE: Fixed by:
https://github.com/OpenIDC/mod_auth_openidc/commit/29ea79dea97cdab1b0d150af2c9a50a442e7216e
(v2.4.13.2)
CVE-2025-3501 (A flaw was found in Keycloak. By setting a verification policy
to 'ALL ...)
- keycloak <itp> (bug #1088287)
CVE-2025-3471 (The SureForms WordPress plugin before 1.4.4 does not have
proper auth ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d9a6b660c7d942b19676f4865278d6c96865491
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d9a6b660c7d942b19676f4865278d6c96865491
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
