[Git][security-tracker-team/security-tracker][master] libapache2-mod-auth-openidc fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 8 10:14:57 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8caea7c by Moritz Muehlenhoff at 2021-06-08T11:14:30+02:00
libapache2-mod-auth-openidc fixed in sid
apache2 fixed in experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6236,6 +6236,7 @@ CVE-2021-31619
 	RESERVED
 CVE-2021-31618 [httpd: NULL pointer dereference on specially crafted HTTP/2 request]
 	RESERVED
+	[experimental] - apache2 2.4.48-1
 	- apache2 <unfixed> (bug #989562)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
 	NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
@@ -9657,7 +9658,8 @@ CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86
 	NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
 CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...)
 	- nginx <unfixed> (bug #986787)
-	[buster] - nginx <no-dsa> (Minor issue)
+	[bullseye] - nginx <ignored> (Minor issue, too intrusive to backport, see #986787)
+	[buster] - nginx <ignored> (Minor issue, too intrusive to backport, see #986787)
 	[stretch] - nginx <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
 CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...)
@@ -33333,7 +33335,7 @@ CVE-2021-20720 (SQL injection vulnerability in the KonaWiki2 versions prior to 2
 CVE-2021-20719 (RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 ...)
 	NOT-FOR-US: RFNTPS firmware
 CVE-2021-20718 (mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a de ...)
-	- libapache2-mod-auth-openidc <unfixed> (bug #989055)
+	- libapache2-mod-auth-openidc 2.4.4.1-2 (bug #989055)
 	[buster] - libapache2-mod-auth-openidc <not-affected> (Vulnerable code introduced later)
 	[stretch] - libapache2-mod-auth-openidc <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/5ef1b0a74208fcb43a16795d0afc94c3d54cd120



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8caea7c9b1f1742de3ef5ea1c82c933fd8371ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8caea7c9b1f1742de3ef5ea1c82c933fd8371ad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210608/22030ae7/attachment.htm>

More information about the debian-security-tracker-commits mailing list