Package: libapache2-mod-auth-openidc / 2.4.9.4-0+deb11u4

Metadata

Package: libapache2-mod-auth-openidc
Version: 2.4.9.4-0+deb11u4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix parallel build.patch

Makefile.in | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 fix parallel build

When building in parallel mode, test and test-cmd compilations collide on stub.o.
We could force make -j1, but the Makefile would still be inherently badly
written.

0002 Fix CVE 2022 23527 prevent open redirect.patch

src/mod_auth_openidc.c | 14 14 + 0 - 0 !
src/mod_auth_openidc.h | 1 1 + 0 - 0 !
src/util.c | 18 18 + 0 - 0 !
3 files changed, 33 insertions(+)

 fix cve-2022-23527: prevent open redirect

- CVE-2022-23527: prevent open redirect in default setup when OIDCRedirectURLsAllowed is not configured
  see: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53

0003 Fix CVE 2023 28625 segfault DoS when OIDCStripCookie.patch

src/mod_auth_openidc.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 fix cve-2023-28625: segfault dos when oidcstripcookies is set

0004 fix DoS CVE 2024 24814.patch

src/util.c | 35 17 + 18 - 0 !
1 file changed, 17 insertions(+), 18 deletions(-)

 [patch] release 2.4.15.2: fix dos cve-2024-24814

fix CVE-2024-24814: DoS when 'OIDCSessionType client-cookie' is set and
a crafted Cookie header is supplied
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>