-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 23 Mar 2019 13:29:19 +0000
Source: libapache2-mod-auth-mellon
Binary: libapache2-mod-auth-mellon
Architecture: armel
Version: 0.12.0-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: armel Build Daemon (hasse) <buildd_armhf-hasse@buildd.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache
Closes: 925197
Changes:
 libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high
 .
   * Upload to stable-security (closes: #925197)
     - Auth bypass when used with reverse proxy [CVE-2019-3878]
     - Open redirect vulnerability in logout [CVE-2019-3877]
Checksums-Sha1:
 9174cf40934fa710d477324f2ff0e5bc6dcf5e63 164010 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_armel.deb
 666d526d25eb4112cc7e1d8ec8fb962fa01b932f 8675 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_armel.buildinfo
 3a4c28579ab6f0c1a9eb299fe687e2d03059c9e9 54976 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_armel.deb
Checksums-Sha256:
 6a22bb631867e0a140a2aa524f9ac14d359f386e78376f6075e773b5e2c2b010 164010 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_armel.deb
 a6278854f58609a552cb8b4dbbc42776117c15571bf4177c6c443dbba12bf23e 8675 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_armel.buildinfo
 d31fcd4adc6b64912d70a30c460e8b3b45f62f44a98ae2b9a24c23a5531a20b1 54976 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_armel.deb
Files:
 a0cdeac09a3f1543208899e29729e148 164010 debug extra libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_armel.deb
 40952713b9b9059b5f2f55a039136c50 8675 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_armel.buildinfo
 557e02b880f056762a4f9dcaa4f7c68f 54976 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE2DOqsOmkVLHflSxRZpEUT33ecosFAlyWP9wACgkQZpEUT33e
cotZug//RpR4jvXfaNQvw1K9DoOMzpoP4jdCO1lobbCysxrVKedTNdJJ5FiYN+W+
wkfBJfcwEeMEOiw7gf8qJemITRAMLjuemiIrDjGmf9ipzI0gRmNVI3VBsYqefsvq
hBlYZujK7bWCsduZ+a8sT56m7I5pep+0pwCB1LXIkbtRG1zzdUC3QYyobEUaIK6P
Phv6bZkXXDRp2OzpFjYwOGhStMYR0y9V6m2gNdMqQWwxq9BZuDPbLzqT5Uz5Ac4D
VNhtGDZxtNIk+T+8oSY98maIsYHkopdc5W2ixyys+68BdrIRHJKeuInrGxH65CvB
C3p6pbOsIlKXBUkwJKdjLjrh8V6cjWXdQSagnAScZ0XNZ7WHn7VtzttL854dpGyw
OPsjL1XJlu5jIHcXLLQtjHjFVA7pSl0gauU4cjHbWgcoeyO70U21iu4EXWkY985t
RKz7O/BXOY39fvT1lqKH9wcdSFCrga6Fa0DiMn6ph1gzhpnFrWSPNPOvwR/NLb/S
sE4bct7HuSbZqoK5yD1k/P8CuqWdDfapX9VkQk2DFrS0mGpvehzTfl6JcMgb4fJN
C2a+73L766GEUR8t4gjqCpcoAzt3JGzmZ+0Zs41VoB1FQJMrIbg7sWKMacCoXP1e
bSQ7qboeicLWE65hYfKEqvEXo2aMMr2wuL+FdUSRyxHMwPCZoi4=
=19Va
-----END PGP SIGNATURE-----