Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b62cd5ef by Adrian Bunk at 2023-04-30T23:58:35+03:00
Reserve DLA-3409-1 for libapache2-mod-auth-openidc

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -146460,14 +146460,12 @@ CVE-2021-32793 (Pi-hole's Web interface provides a 
central location to manage a
        NOT-FOR-US: Pi-hole
 CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
-       [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751
 (v2.4.9)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56
 (v2.4.9)
 CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
-       [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c
 (v2.4.9)
@@ -146481,13 +146479,11 @@ CVE-2021-32787 (Sourcegraph is a code search and 
navigation engine. Sourcegraph
        NOT-FOR-US: Sourcegraph
 CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
-       [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544
 (v2.4.9)
 CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
-       [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449
 (v2.4.9)
@@ -237549,7 +237545,6 @@ CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds 
(OOB) read vulnerability in mo
 CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An 
open red ...)
        {DLA-2298-1 DLA-2130-1}
        - libapache2-mod-auth-openidc 2.4.1-1
-       [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
        NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
 CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote 
code exec ...)
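
Review bot: The cross-reference line for CVE-2019-20479 still reads {DLA-2298-1 DLA-2130-1} after the [buster] <no-dsa> line is dropped. If that line is not regenerated automatically from data/DLA/list, add DLA-3409-1 to it here so the CVE entry and the new advisory agree.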


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Apr 2023] DLA-3409-1 libapache2-mod-auth-openidc - security update
+       {CVE-2019-20479 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 
CVE-2021-32792 CVE-2023-28625}
+       [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u2
 [30 Apr 2023] DLA-3408-1 jruby - security update
        {CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 
CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755 CVE-2023-28756}
        [buster] - jruby 9.1.17.0-3+deb10u1
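
Review bot: CVE-2023-28625 is in the DLA-3409-1 CVE set on the second added line, but no data/CVE/list hunk in this commit touches its entry, while the other five CVEs each lose a [buster] <no-dsa> line. Check that its entry carries no [buster] annotation that would conflict with the 2.3.10.2-1+deb10u2 fixed version recorded here.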


=====================================
data/dla-needed.txt
=====================================
@@ -88,13 +88,6 @@ hdf5
   NOTE: 20230318: Enrico did some work around hdf5* packaging in the past, 
probably
   NOTE: 20230318: sync w/ him. (utkarsh)
 --
-libapache2-mod-auth-openidc (Adrian Bunk)
-  NOTE: 20230404: Programming language: C.
-  NOTE: 20230404: CVE-2019-20479 fixed in all other dists (including 
DLA-2298-1 for stretch)
-  NOTE: 20230404: CVE-2021-39191 fixed in Debian 11.4
-  NOTE: 20230404: CVE-2022-23527 will be fixed in Debian 11.7 (#1026447)
-  NOTE: 20230404: Also check if other postponed/open CVEs need to be fixed 
(Beuc/front-desk)
---
 linux (Ben Hutchings)
   NOTE: 20230111: Programming language: C
 --
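
Review bot: The removed notes name CVE-2021-39191 and CVE-2022-23527, and neither is in the CVE set reserved for DLA-3409-1 in data/DLA/list. The "Also check if other postponed/open CVEs need to be fixed" reminder disappears with this entry, so record the buster decision for those two in data/CVE/list to keep the triage outcome visible.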



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62cd5ef89c5ac254e9d2146a19393ba540e59a4
