This bug was fixed in the package libapache2-mod-auth-openidc -
2.4.16.10-1ubuntu1
---------------
libapache2-mod-auth-openidc (2.4.16.10-1ubuntu1) plucky-security; urgency=medium
* SECURITY UPDATE: Data leak (LP: #2106320)
- debian/patches/CVE-2025-31492.patch: fix OIDCProviderAuthRequestMethod
POST
- CVE-2025-31492
-- Eduardo Barretto <[email protected]> Mon, 14 Apr 2025
13:52:48 +0200
** Changed in: libapache2-mod-auth-openidc (Ubuntu Plucky)
Status: Fix Committed => Fix Released
** Changed in: libapache2-mod-auth-openidc (Ubuntu Oracular)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2106320
Title:
OIDCProviderAuthRequestMethod POST leaks protected data
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-openidc/+bug/2106320/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
