
Bug#1035377: unblock: libapache2-mod-auth-openidc/2.4.12.3-2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libapache2-mod-auth-openidc@packages.debian.org
Control: affects -1 + src:libapache2-mod-auth-openidc

Please unblock package libapache2-mod-auth-openidc

Fixes CVE-2023-28625 "segfault DoS when OIDCStripCookies is set".

[ Reason ]
Fixes #1033916 by fixing CVE-2023-28625.

[ Impact ]
The CVE with Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
would persist in the new stable release.

[ Tests ]
The patch has been verified by upstream and I have successfully
tested the new package version in our infrastructure.

[ Risks ]
The newly added patch changes just two lines by adding a
null pointer check. I don't see anything getting worse by
that.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock libapache2-mod-auth-openidc/2.4.12.3-2

