[Git][security-tracker-team/security-tracker][master] Reserve DLA-3409-1 for libapache2-mod-auth-openidc

Adrian Bunk (@bunk) bunk at debian.org
Sun Apr 30 22:04:15 BST 2023



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b62cd5ef by Adrian Bunk at 2023-04-30T23:58:35+03:00
Reserve DLA-3409-1 for libapache2-mod-auth-openidc

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -146460,14 +146460,12 @@ CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a
 	NOT-FOR-US: Pi-hole
 CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
-	[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9)
 CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
-	[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9)
@@ -146481,13 +146479,11 @@ CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph
 	NOT-FOR-US: Sourcegraph
 CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
-	[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9)
 CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
 	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
-	[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9)
@@ -237549,7 +237545,6 @@ CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mo
 CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
 	{DLA-2298-1 DLA-2130-1}
 	- libapache2-mod-auth-openidc 2.4.1-1
-	[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
 CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote code exec ...)
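Review bot: in the CVE-2019-20479 entry the cross-reference line still reads {DLA-2298-1 DLA-2130-1} while the [buster] <no-dsa> line is dropped, so as committed nothing in this entry points at DLA-3409-1. If that line is not regenerated from data/DLA/list, add DLA-3409-1 to it. The same applies to the four CVE-2021 entries in the two hunks above, which show no cross-reference line at all.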


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Apr 2023] DLA-3409-1 libapache2-mod-auth-openidc - security update
+	{CVE-2019-20479 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 CVE-2023-28625}
+	[buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u2
 [30 Apr 2023] DLA-3408-1 jruby - security update
 	{CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755 CVE-2023-28756}
 	[buster] - jruby 9.1.17.0-3+deb10u1
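Review bot: CVE-2023-28625 appears in the DLA-3409-1 CVE set, but no data/CVE/list hunk in this commit touches its entry, unlike the other five CVEs, which each lose a [buster] <no-dsa> line. Worth confirming that its entry carries no [buster] annotation (for example <no-dsa> or <postponed>) that would now contradict the fixed version 2.3.10.2-1+deb10u2.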


=====================================
data/dla-needed.txt
=====================================
@@ -88,13 +88,6 @@ hdf5
   NOTE: 20230318: Enrico did some work around hdf5* packaging in the past, probably
   NOTE: 20230318: sync w/ him. (utkarsh)
 --
-libapache2-mod-auth-openidc (Adrian Bunk)
-  NOTE: 20230404: Programming language: C.
-  NOTE: 20230404: CVE-2019-20479 fixed in all other dists (including DLA-2298-1 for stretch)
-  NOTE: 20230404: CVE-2021-39191 fixed in Debian 11.4
-  NOTE: 20230404: CVE-2022-23527 will be fixed in Debian 11.7 (#1026447)
-  NOTE: 20230404: Also check if other postponed/open CVEs need to be fixed (Beuc/front-desk)
---
 linux (Ben Hutchings)
   NOTE: 20230111: Programming language: C
 --
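Review bot: the removed entry's notes name CVE-2021-39191 and CVE-2022-23527, and neither is in the DLA-3409-1 CVE set in data/DLA/list. With the entry gone, nothing in this file records why they were left out of the buster update, so confirm that both carry a [buster] annotation in data/CVE/list (not-affected, no-dsa or similar). The last removed NOTE also asked to check other postponed/open CVEs; stating the outcome of that check in the commit message would make the removal easier to audit.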



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62cd5ef89c5ac254e9d2146a19393ba540e59a4
