-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Mar 2019 13:29:19 +0000 Source: libapache2-mod-auth-mellon Binary: libapache2-mod-auth-mellon Architecture: mips Version: 0.12.0-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: mips Build Daemon (mips-aql-04) Changed-By: Thijs Kinkhorst Description: libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache Closes: 925197 Changes: libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high . * Upload to stable-security (closes: #925197) - Auth bypass when used with reverse proxy [CVE-2019-3878] - Open redirect vulnerability in logout [CVE-2019-3877] Checksums-Sha1: bbb0f165df61478f884c06454b6f3fc924ae3519 167870 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_mips.deb bf4bd4f0dfa9fc3bee008581ffc5ee42f6f8c2d6 8604 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mips.buildinfo b9761a9fbd2b567b50127c209519552688a2300e 56296 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mips.deb Checksums-Sha256: 471599a71cde34e6bf271eff4ac2b929c185156b61cd2b0a34251569d5e969e2 167870 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_mips.deb ed873adcfcd0cc60837420272cecefb128681eca02167de9d65db8cc35937476 8604 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mips.buildinfo fdb95d1e5bd0c27bf12f51aa632d906ae0a379571a1dcb62b0ab23137715830b 56296 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mips.deb Files: 1b6b14d7aec17ba67f15ceae39279945 167870 debug extra libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_mips.deb 18b9447326910ef23b52fbfcf893f525 8604 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mips.buildinfo 69a5a625b6cacf66c4fc485683315e82 56296 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mips.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEER+WrL15MgKuJRVgp8tZ5pWJjENcFAlyWQ34ACgkQ8tZ5pWJj ENd4bw//ck3/7wyogkJMCVuHFjiOIu5bEqOtnFZIoqbTt1XwbAkggXcLBNvYBk34 Q+Pc/qSDrFZL4yt7fxS8zqQc7eVPpUQrojVQrhzwCLg2Xtdw7K5DKgyTb2hPrqng bNlXYj5uivMeVYMfNjgtmlxFFB5ZP+tifbkbpClKFuduiYNLO8FUGOnr0qdC8v3O kiujAlSlbxa1zpNG65Pavvl4MNHhgsOwXkKL2/GIGCWGbIvdGwLePhazJfxCzQVD CR6vyW4ooK092Q8gNavROebmT23kA5xGzT/y4cZ9jTl0zQ5jNn9v1+hIRkDG9I/r TuIAKs6lYw8hF8TWPloGchrFJpTOaP0vlFh+o9xhIGsXZDzHG44XPBwmWFEcF7vE RPAHJamch2VZlmjiQBD5ifeivjH62SzpwSLKBPT/Rl/NNtgNo+I7Rucnhyu3mmfz j74J3sClgca0djfwujM/DNhqVdThpOkyIf0Zl7fYoj42c019+LA30pdU9eJrteiF yoOqlSYzGGwrpFu9nzZdbgcdC9k+ftso7pl2kXbnSCkSwAZIt1xzMp0X9vIddsxS 5eQcvZL7I1rZyU7Vc4yiHT74iM07pD+8STZxX+1M/CDsVE0E+0YFN+Asm0Xe2CED ITFIwzSUwEm1KDlt276/2MLc/yaiMkEw15i619zn7Foh0cwpAys= =T6/Z -----END PGP SIGNATURE-----