-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Mar 2019 13:29:19 +0000 Source: libapache2-mod-auth-mellon Binary: libapache2-mod-auth-mellon Architecture: mipsel Version: 0.12.0-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-aql-01) Changed-By: Thijs Kinkhorst Description: libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache Closes: 925197 Changes: libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high . * Upload to stable-security (closes: #925197) - Auth bypass when used with reverse proxy [CVE-2019-3878] - Open redirect vulnerability in logout [CVE-2019-3877] Checksums-Sha1: 34e5c606cc43c468c5f9e115527654a60492863a 161206 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_mipsel.deb a7bf85a0d752532db5bb7472445b1d93e0c7d1aa 8620 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mipsel.buildinfo 9e6ea3d76d0dfee0e837d28d3ea9b61c53c492cc 56856 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mipsel.deb Checksums-Sha256: 96087ff7ea6e759ebb26e98e6993e0ebc76fe3b19a57a08ae75213db417e1db3 161206 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_mipsel.deb e8b6e8df053bbdd6e6e9dfef710b9eb4ade0f513e52bffb2f4da7cdb99d3b98f 8620 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mipsel.buildinfo 875608f09f6e12251253aa2a1dc02b1e9bd536cc766066d2f3c83666dad15180 56856 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mipsel.deb Files: 2c0d3db0d63daaa4f2f5d206e6807a62 161206 debug extra libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_mipsel.deb a31063266a646014c74d2f42f59ca34f 8620 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mipsel.buildinfo 51f5f508e9f4e531c0bcd674cf70e9aa 56856 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEET5zdIvcPfoHKbW2aY8NzH4NaAmIFAlyWQDQACgkQY8NzH4Na AmKpjw/+Ixdbwc0Dr7+NlXdNGmaJr6CYM5ffOM32/y8UBTqT8r7CrhSS3FS1pvia 5ErIsp3rKEYUev6qdXMVs4LX/i5gTJip3Bud93we3X69Jz2RUvilK1QeBbSkx6mt 2EChKr/YzHwZ87NtgrpJ4UulhHXhdMsRvJDZgKR4Ngo6M3ufl7SXqgu0XIew50vl oW8/Z4ZNnN4zJ7bB0715WCfnpxGUgWkTJ0+lwK8A6PR6rwqZN7/QOxd1dhOdmS87 zoZxhgBz6Lj0E01AtWXAk3gA61sUWKuCGNJCdFU9u/7/qAVeWEojxCvVskmIQ5Ra wNInh2K1BWHm38fAK5wpqOaBQ9X3GSKhVFpJIWEi5j27ssNTe4hngWnwDBl58ocN VOAx1Qwae9pXvhOibT97RfStrhufToSyXfchwihuPiPujpe/UMVmnY1o4B635dLg cAWQ2PoVR+Lr3K/Sh6oA02r15ioB7oUApQQYZcIllVFHZK2HafKrqeN1vqgRx23G wXUlSAdA3CBhoCLgize4TdH8Qk47iYXVdP4HwLqtYhGRKzM5pSBLOU5er1zjrJMq 0YevhpHlaF3utH4tlfYaHBh/KD1w79B+unefHyb72WWDEPJA5Oy3s0l2rK5Gm83e 2dWm84N61TvL6dOMXyk1exARF8MnKYYPB8oA6cSVNbtkImVo2HA= =hPb8 -----END PGP SIGNATURE-----