Your message dated Mon, 07 Jun 2021 20:33:28 +0000 with message-id <e1lqlw8-000c00...@fasolo.debian.org> and subject line Bug#989055: fixed in libapache2-mod-auth-openidc 2.4.4.1-2 has caused the Debian Bug report #989055, regarding libapache2-mod-auth-openidc: CVE-2021-20718 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 989055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989055 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libapache2-mod-auth-openidc Version: 2.4.4.1-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for libapache2-mod-auth-openidc. CVE-2021-20718[0]: | mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a | denial-of-service (DoS) condition via unspecified vectors. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-20718 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20718 [1] https://jvn.jp/en/jp/JVN49704918/index.html [2] https://github.com/zmartzone/mod_auth_openidc/commit/5ef1b0a74208fcb43a16795d0afc94c3d54cd120 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libapache2-mod-auth-openidc Source-Version: 2.4.4.1-2 Done: Christoph Martin <mar...@uni-mainz.de> We believe that the bug you reported is fixed in the latest version of libapache2-mod-auth-openidc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 989...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christoph Martin <mar...@uni-mainz.de> (supplier of updated libapache2-mod-auth-openidc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 07 Jun 2021 20:54:00 +0200 Source: libapache2-mod-auth-openidc Architecture: source Version: 2.4.4.1-2 Distribution: unstable Urgency: medium Maintainer: Moritz Schlarb <schla...@uni-mainz.de> Changed-By: Christoph Martin <mar...@uni-mainz.de> Closes: 989055 Changes: libapache2-mod-auth-openidc (2.4.4.1-2) unstable; urgency=medium . * fix CVE-2021-20718 using commit 5ef1b0a74208fcb43a16795d0afc94c3d54cd120 from version 2.4.8 (closes: #989055) Checksums-Sha1: be50d49aea2093eedd63d944c9b504372a1c960b 2495 libapache2-mod-auth-openidc_2.4.4.1-2.dsc b4798215eba17b1081e579aa7c185d576ba58831 6088 libapache2-mod-auth-openidc_2.4.4.1-2.debian.tar.xz 92f82715c952324ca7726a90983bb4f406c2f611 8701 libapache2-mod-auth-openidc_2.4.4.1-2_amd64.buildinfo Checksums-Sha256: ff52b70d1618f3054418a2f83fba4e62292fc043c2896f9cd7b1d89a4131c823 2495 libapache2-mod-auth-openidc_2.4.4.1-2.dsc a8bb3f5de5182e1807aecc39efe82882b5878f85dac783bac8a1cfb043a075cc 6088 libapache2-mod-auth-openidc_2.4.4.1-2.debian.tar.xz 6c04364a272aaa4890c246e5f66833e83c3d02bd3d3772e73ef6f974d782f22f 8701 libapache2-mod-auth-openidc_2.4.4.1-2_amd64.buildinfo Files: d82797aa38cea6fc88f3a7448a7be0a5 2495 httpd optional libapache2-mod-auth-openidc_2.4.4.1-2.dsc 96488ff3cbdc93416e5668720837c59c 6088 httpd optional libapache2-mod-auth-openidc_2.4.4.1-2.debian.tar.xz d53329878b2f9e405d2c090e622cd754 8701 httpd optional libapache2-mod-auth-openidc_2.4.4.1-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+BlA6EFCFQgaFZxcfvEYdWb8Xj0FAmC+fTIACgkQfvEYdWb8 Xj3kHQ/9FfbNGCQNIJCZpDI5A6I/HPgHe5Z5PX5fi3nZ5dzZjduQefhI2N3Bj60e 1yv+9UD7PlwB7J83/q5mnLRvjO+JNYPggy7eyEIhWlWw/gKeJQHy0W22sQBsIa+5 tnRHfrjfu+8WHO8oUnAqcQkmI5j1kzoqyQ9N94kgqpskE7fkxsyln+Nt3zCCGS0c 7Q+0RYZdcYElbFYaDzu3NUY0injNzghEYglvmSxkaX+j3Dm5LkIVee4he1iBT1/v wb7hzizA1UyO7pCEiel7AEKTjdJmEtGcz0qg7nNowHB2jchpy5t8Hom6JgwdijaE cNW8LdR2XGwq0qieAnoNqijbJ92+GKasur1LYrVR+bN1QiO1Jj8Dwox10fX+DVeM vz44lUhVl+rx1ymYo0uvDuS9cvqUPQwubtD4+qFFdmk16GH5u3E19G0JvQrLvSX2 JEZcYSIpfU9PU4ZOf7wAO2HAWpcqtXTXfj0No0+rUX+ziB8mi9FUrpp3kkTrbmNA ZqiYMuuiKruQnSa6tSIA6RvZA8XFkTGPF6Y/rDuThaSgwmoFzK3i3BZcNgyxCKWH nq7eHeA+2EjzZXyyRbgmAwH5xHTB7qJD5Cbm2CYy0Nkvu80cCuuPQUszerlOmMzY /zeUCMdkfjrEHRPW9MtWifChcrhcvStnTjf935BPmL44TU3ldHQ= =zcHu -----END PGP SIGNATURE-----
--- End Message ---
