[ubuntu/focal-proposed] libapache2-mod-auth-mellon 0.14.2-1ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Nov 22 18:00:12 UTC 2019
libapache2-mod-auth-mellon (0.14.2-1ubuntu2) focal; urgency=medium
* SECURITY UPDATE: open redirect issue
- debian/patches/CVE-2019-13038-1.patch: prevent schemes without
hostname in auth_mellon_util.c.
- debian/patches/CVE-2019-13038-2.patch: add error message in
auth_mellon_util.c.
- CVE-2019-13038
Date: Fri, 22 Nov 2019 12:39:03 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/0.14.2-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Nov 2019 12:39:03 -0500
Source: libapache2-mod-auth-mellon
Architecture: source
Version: 0.14.2-1ubuntu2
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
libapache2-mod-auth-mellon (0.14.2-1ubuntu2) focal; urgency=medium
.
* SECURITY UPDATE: open redirect issue
- debian/patches/CVE-2019-13038-1.patch: prevent schemes without
hostname in auth_mellon_util.c.
- debian/patches/CVE-2019-13038-2.patch: add error message in
auth_mellon_util.c.
- CVE-2019-13038
Checksums-Sha1:
24f09e16d36b5d4f774230c3496476e4f6c17161 2175 libapache2-mod-auth-mellon_0.14.2-1ubuntu2.dsc
8b2812996477cdc8a850e1fb7811f54bb8919ebd 4660 libapache2-mod-auth-mellon_0.14.2-1ubuntu2.debian.tar.xz
d66452c96f32cd1cb952efdd0d86df60975ac8b0 9250 libapache2-mod-auth-mellon_0.14.2-1ubuntu2_source.buildinfo
Checksums-Sha256:
3ef9593e385da5ee42ed2883b3416ede559c0fad562049efe1ef8f0ef2b49112 2175 libapache2-mod-auth-mellon_0.14.2-1ubuntu2.dsc
0148984464ee939aa670fa447e8eb5adac1738828cdafb80fef49321f48ea979 4660 libapache2-mod-auth-mellon_0.14.2-1ubuntu2.debian.tar.xz
4588c0ecb293b80af6b7ef0b81bcb19353710285f167d8e69491180932c2bc06 9250 libapache2-mod-auth-mellon_0.14.2-1ubuntu2_source.buildinfo
Files:
d731b0cac48da6a259bf1067fbfc1c3c 2175 web optional libapache2-mod-auth-mellon_0.14.2-1ubuntu2.dsc
49e885d28319a1f531c395d6432fd643 4660 web optional libapache2-mod-auth-mellon_0.14.2-1ubuntu2.debian.tar.xz
4b7931d58e4982ae4c640b2a513dee95 9250 web optional libapache2-mod-auth-mellon_0.14.2-1ubuntu2_source.buildinfo
Original-Maintainer: Thijs Kinkhorst <thijs at debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl3YIbYACgkQZWnYVadE
vpOFExAArdcLvkmiltC5NSLSr7uk8v2iLRIrxOvYj0vGtBPeRDLlncSDc95YaM/e
PlqvjEKMD5ql+SA2HOAkEX/4tZOCCreCqcfrvq5uzHZdC2g34P/trrroqlSai06D
eTg1xdACalue/um4m/gzMNhJHndVaPcycn11RHxcwmeIu9Iv/ygqFUaiE5LpKS1J
/oQgI8tfdbg8CjM9qiPm2IINlQgEuIJsUll6uPsPdiQuWOZATVos1w/QWXGDDFTm
RBaf6EhewEKnyKXyiD+h064R8L5UPFrazQQ2oEidalNaNR1iQAMddpgW24fVbjAh
KmjbfqbeBnu0QygAe/eW2XWDPiQS8ol5Kkaq/lhgRtAw7erhjVzJWsC7neuGF+v8
ef5/xWPze1b7Ck0CJpN1TNXT0Rdhu5vj2/E6DHVlwA81wKpu4RpSYfbICAsdRpgf
ZzV9ceJUZcxtfOH5oJOHvpSrkfklmhuXVmaQWY7fEyXo5Keq1JsY/S9y5y0P4TNb
mYXM1WATQQ9sL6/QopbzihaueFIgvZl1HfmtwUo7WgEXzbmb+R/KYtZiDey+DSq/
vjVwHFB3s9/i91Ga8RKd/1VoN9TIKYfBkRYGxXmAZ03X2/INJHc4+TtADDI+ijnH
kNrnv0cOsa8vpD8IOicfHTkGwZlcAN4PaCr7s4uzaE3AFQNwLnc=
=pwkH
-----END PGP SIGNATURE-----
More information about the Focal-changes
mailing list