Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: b62cd5ef by Adrian Bunk at 2023-04-30T23:58:35+03:00 Reserve DLA-3409-1 for libapache2-mod-auth-openidc - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -146460,14 +146460,12 @@ CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a NOT-FOR-US: Pi-hole CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...) - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580) - [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9) NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9) CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...) - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581) - [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9) 
@@ -146481,13 +146479,11 @@ CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph NOT-FOR-US: Sourcegraph CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...) - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582) - [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7 NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9) CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...) - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583) - [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4 NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9) @@ -237549,7 +237545,6 @@ CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mo CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...) {DLA-2298-1 DLA-2130-1} - libapache2-mod-auth-openidc 2.4.1-1 - [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7 NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453 CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote code exec ...) ===================================== data/DLA/list ===================================== 
@@ -1,3 +1,6 @@ +[30 Apr 2023] DLA-3409-1 libapache2-mod-auth-openidc - security update + {CVE-2019-20479 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 CVE-2023-28625} + [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u2 [30 Apr 2023] DLA-3408-1 jruby - security update {CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755 CVE-2023-28756} [buster] - jruby 9.1.17.0-3+deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -88,13 +88,6 @@ hdf5 NOTE: 20230318: Enrico did some work around hdf5* packaging in the past, probably NOTE: 20230318: sync w/ him. (utkarsh) -- -libapache2-mod-auth-openidc (Adrian Bunk) - NOTE: 20230404: Programming language: C. - NOTE: 20230404: CVE-2019-20479 fixed in all other dists (including DLA-2298-1 for stretch) - NOTE: 20230404: CVE-2021-39191 fixed in Debian 11.4 - NOTE: 20230404: CVE-2022-23527 will be fixed in Debian 11.7 (#1026447) - NOTE: 20230404: Also check if other postponed/open CVEs need to be fixed (Beuc/front-desk) --- linux (Ben Hutchings) NOTE: 20230111: Programming language: C -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62cd5ef89c5ac254e9d2146a19393ba540e59a4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62cd5ef89c5ac254e9d2146a19393ba540e59a4 You're receiving this email because of your account on salsa.debian.org.
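Review bot: In the data/CVE/list hunks, the `[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)` lines are removed from CVE-2021-32792, CVE-2021-32791, CVE-2021-32786, CVE-2021-32785 and CVE-2019-20479 with nothing put in their place. CVE-2019-20479 still carries only `{DLA-2298-1 DLA-2130-1}`, and the four 2021 entries gain no `{DLA-3409-1}` line. If that cross-reference is filled in by a later automated update, this is fine; otherwise add it in this commit so the entries do not read as untriaged for buster in the meantime.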
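Review bot: The CVE set on the new DLA-3409-1 entry in data/DLA/list includes CVE-2023-28625, but unlike the other five CVEs it has no matching hunk in data/CVE/list in this commit. Check that its entry has no leftover buster triage line that would contradict the fixed version `2.3.10.2-1+deb10u2`.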
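Review bot: The entry removed from data/dla-needed.txt names CVE-2021-39191 and CVE-2022-23527 and asks to check other postponed/open CVEs, yet neither of those two appears in the DLA-3409-1 CVE set. Once these notes are deleted, nothing in this commit records why they were left out for buster. A buster status line or NOTE on those two CVEs in data/CVE/list would keep that decision visible.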