Bug#1033916: libapache2-mod-auth-openidc: CVE-2023-28625: segfault DoS when OIDCStripCookies is set

2023-05-03 Thread Moritz Muehlenhoff
On Wed, May 03, 2023 at 04:55:00PM +0200, Moritz Mühlenhoff wrote:
> I think we can fix this via a DSA, can you please change the distribution line
> to bullseye-wikimedia and upload to security-master? (Needs an upload with -sa

Sorry, this should be bullseye-security obviously :-)

Cheers,

Bug#1033916: libapache2-mod-auth-openidc: CVE-2023-28625: segfault DoS when OIDCStripCookies is set

2023-05-03 Thread Moritz Mühlenhoff
On Tue, May 02, 2023 at 01:05:55PM +0200, Moritz Schlarb wrote:
> Dear Security Team,
>
> regarding fixing this in Bullseye
> (https://salsa.debian.org/debian/libapache2-mod-auth-openidc/-/compare/769c3920203e7c64f6ff9456ee6858ac0cb034f0...a8e821213ac28ca0909ca4f1bf512de5e35f90fa):
>
> Shall I

Bug#1033916: libapache2-mod-auth-openidc: CVE-2023-28625: segfault DoS when OIDCStripCookies is set

2023-05-02 Thread Moritz Schlarb
Dear Security Team,

regarding fixing this in Bullseye
(https://salsa.debian.org/debian/libapache2-mod-auth-openidc/-/compare/769c3920203e7c64f6ff9456ee6858ac0cb034f0...a8e821213ac28ca0909ca4f1bf512de5e35f90fa):

Shall I upload this to security or proposed-updates?

Best regards,
Moritz

On

Bug#1033916: libapache2-mod-auth-openidc: CVE-2023-28625: segfault DoS when OIDCStripCookies is set

2023-04-03 Thread Salvatore Bonaccorso
Source: libapache2-mod-auth-openidc
Version: 2.4.12.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team

Hi,

The following vulnerability was published for libapache2-mod-auth-openidc.

CVE-2023-28625[0]:
| mod_auth_openidc is an authentication