Bug#1035377: unblock: libapache2-mod-auth-openidc/2.4.12.3-2
Hi Moritz,

On 02-05-2023 13:14, Moritz Schlarb wrote:
> Please unblock package libapache2-mod-auth-openidc

https://qa.debian.org/excuses.php?package=libapache2-mod-auth-openidc says:
not blocked: has successful autopkgtest

Are you asking for aging, or did you miss the point that you didn't need to request an unblock?

Paul

Bug#1035377: unblock: libapache2-mod-auth-openidc/2.4.12.3-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libapache2-mod-auth-open...@packages.debian.org
Control: affects -1 + src:libapache2-mod-auth-openidc

Please unblock package libapache2-mod-auth-openidc

Fixes CVE-2023-28625 "segfault DoS when OIDCStripCookies is set".

[ Reason ]
Fixes #1033916 by fixing CVE-2023-28625.

[ Impact ]
The CVE with
Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
would persist in the new stable release.

[ Tests ]
The patch has been verified by upstream and I have successfully tested
the new package version in our infrastructure.

[ Risks ]
The newly added patch changes just two lines by adding a null pointer
check. I don't see anything getting worse by that.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock libapache2-mod-auth-openidc/2.4.12.3-2