-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 23 Mar 2019 13:29:19 +0000
Source: libapache2-mod-auth-mellon
Binary: libapache2-mod-auth-mellon
Architecture: source amd64
Version: 0.12.0-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache
Closes: 925197
Changes:
 libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high
 .
   * Upload to stable-security (closes: #925197)
     - Auth bypass when used with reverse proxy [CVE-2019-3878]
     - Open redirect vulnerability in logout [CVE-2019-3877]
Checksums-Sha1:
 6b58cccf0123920c81ab5ea148fbb40dc9de3487 1799 libapache2-mod-auth-mellon_0.12.0-2+deb9u1.dsc
 3d5cd4137154a7c848d8f3121e6497b88dc5f23e 136754 libapache2-mod-auth-mellon_0.12.0.orig.tar.gz
 15bf0a185fb83b1da0660f0bae34d3f0ddb3ab7b 6640 libapache2-mod-auth-mellon_0.12.0-2+deb9u1.debian.tar.xz
 56716663f443f1301e87e84b1f00064d383c934e 163958 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_amd64.deb
 3c897efefc7ee77fa5e4cef23c5f80bacfab6388 8795 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_amd64.buildinfo
 dd08aa9ce8213c8820d5ad6a594462a3b38c5687 60402 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_amd64.deb
Checksums-Sha256:
 0d155da72f3497c190c829fb5296c19a774b57d9b6ac431b44e8380062263e96 1799 libapache2-mod-auth-mellon_0.12.0-2+deb9u1.dsc
 981c225ee97a3c11abb0237158c5c0c9b1248031adb195ae61b0a70d5d740ff1 136754 libapache2-mod-auth-mellon_0.12.0.orig.tar.gz
 a95c0b69ce8cfc766feb01d66202fae7bfe9e621794d6eeee1802cc2ba291737 6640 libapache2-mod-auth-mellon_0.12.0-2+deb9u1.debian.tar.xz
 26d3f7ace3badd23b40412fe5754f48082d64e20e573c5b15b35e23d96670cc7 163958 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_amd64.deb
 2666969f1ef39ef4f110b995c993b277411562297ae69b105ab93028a8d5720f 8795 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_amd64.buildinfo
 ef256ace25c5cceec03b3e09883e54bf001ace8d44beb0cbaf46adb322ac1cdb 60402 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_amd64.deb
Files:
 ecb906559ebde9da58030606c99a1610 1799 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1.dsc
 6c1057847c06d433d4d4a4f55cca1740 136754 web extra libapache2-mod-auth-mellon_0.12.0.orig.tar.gz
 c2c165a74981eca6728ad62eda72fbb6 6640 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1.debian.tar.xz
 4211ae7fbcd9e0ee4417e84bfe5005fe 163958 debug extra libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_amd64.deb
 b02f5aeecca00dc3a16399ef6d3bb5d3 8795 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_amd64.buildinfo
 e3c73a06fa0402426d0c131b93dc7d5a 60402 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQFFBAEBCAAvFiEEeANVtepr/II1qZxLVvYaeUAdrAQFAlyWOB0RHHRoaWpzQGRl
Ymlhbi5vcmcACgkQVvYaeUAdrAQeZwgAoBSOIfjFQfK9LD9ZNjxUMpdoZ9ejAJww
idxSaNStywLkPoCWNBnIkQZX16C8/NBw8fNfNDRR85zpHDsMT2xr8txSS4TvgEi2
2DHyokBDbxOowFbckFc04cRw1G2yXveKydvjXFO2AZN/Zj5O6I6SDpAlvhO6fG7a
8M1QWxNeS4AHnQbavQg7PHa9sXyyNEL1zyU49v/RynkzwCrwA0vLh/sIddSpHVWF
t5jqD4Qj/PxozY84D0kdMeGiSBfnnQxZZICMpe2XfsIYtTL/ePIWgjExdbSaAsAb
CUgaYv9aNfj+QPkYm41THgyoUzG5y4IUn7y/YxsRCJBdDh9g8PswZw==
=cik0
-----END PGP SIGNATURE-----