[Git][security-tracker-team/security-tracker][master] Reserve DLA-3499-1 for libapache2-mod-auth-openidc
Guilhem Moulin (@guilhem)
guilhem at debian.org
Tue Jul 18 23:40:15 BST 2023
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2da979ec by Guilhem Moulin at 2023-07-19T00:39:49+02:00
Reserve DLA-3499-1 for libapache2-mod-auth-openidc
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -111492,7 +111492,6 @@ CVE-2022-23528
CVE-2022-23527 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...)
- libapache2-mod-auth-openidc 2.4.12.2-1 (bug #1026444)
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2
- [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8 (v2.4.12.2)
CVE-2022-23526 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...)
@@ -139809,7 +139808,6 @@ CVE-2021-39192 (Ghost is a Node.js content management system. An error in the im
CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u1
- [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Jul 2023] DLA-3499-1 libapache2-mod-auth-openidc - security update
+ {CVE-2021-39191 CVE-2022-23527}
+ [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u3
[18 Jul 2023] DLA-3498-1 bind9 - security update
{CVE-2023-2828}
[buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u9
=====================================
data/dla-needed.txt
=====================================
@@ -80,10 +80,6 @@ imagemagick
--
iperf3 (Markus Koschany)
--
-libapache2-mod-auth-openidc (guilhem)
- NOTE: 20230620: Added by Front-Desk (Beuc)
- NOTE: 20230620: Follow fix from bullseye 11.7 (CVE-2022-23527) + 1 postponed CVE-2021-39191 (Beuc/front-desk)
---
libreoffice (Abhijith PA)
NOTE: 20230530: Added by Front-Desk (pochu)
NOTE: 20230718: http://people.debian.org/~abhijith/upload/lo (abhijith)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2da979ecb1f86e6827671057f764ce3f3a3b7195
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2da979ecb1f86e6827671057f764ce3f3a3b7195
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230718/3f38d075/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list