Bug#1035377: unblock: libapache2-mod-auth-openidc/2.4.12.3-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libapache2-mod-auth-openidc@packages.debian.org
Control: affects -1 + src:libapache2-mod-auth-openidc
Please unblock package libapache2-mod-auth-openidc
Fixes CVE-2023-28625 "segfault DoS when OIDCStripCookies is set".
[ Reason ]
Fixes #1033916 by fixing CVE-2023-28625.
[ Impact ]
The CVE with Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
would persist in the new stable release.
[ Tests ]
The patch has been verified by upstream and I have successfully
tested the new package version in our infrastructure.
[ Risks ]
The newly added patch changes just two lines by adding a
null pointer check. I don't see anything getting worse by
that.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock libapache2-mod-auth-openidc/2.4.12.3-2