Dear Release Team, currently the version 2.4.4.1-2 of libapache2-mod-auth-openidc is in testing/bullseye . Some days ago four CVE security bugs were published which are fixed in version 2.4.9 .
The fix to CVE-2021-32791 looks quite big, so that I think it is not safe to backport it to 2.4.4.1 like the others could be. I prefer to upload the latest upstream (2.4.9) rather than try to backport the fixes to 2.4.4. What do you think of this? Regards Christoph https://security-tracker.debian.org/tracker/CVE-2021-32785 https://security-tracker.debian.org/tracker/CVE-2021-32786 https://security-tracker.debian.org/tracker/CVE-2021-32791 https://security-tracker.debian.org/tracker/CVE-2021-32792
OpenPGP_signature
Description: OpenPGP digital signature