-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 23 Mar 2019 13:29:19 +0000
Source: libapache2-mod-auth-mellon
Binary: libapache2-mod-auth-mellon
Architecture: ppc64el
Version: 0.12.0-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache
Closes: 925197
Changes:
 libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high
 .
   * Upload to stable-security (closes: #925197)
     - Auth bypass when used with reverse proxy [CVE-2019-3878]
     - Open redirect vulnerability in logout [CVE-2019-3877]
Checksums-Sha1:
 493cfb962e8aefae694cb6ecda1ce6a70d0ccc7e 169254 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_ppc64el.deb
 7f3e6286a406bd10e683083808e82d7ba0308b86 8721 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_ppc64el.buildinfo
 c4ceb99ab08a4d0f7184ea7329fc4e98bc5e1b63 56686 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_ppc64el.deb
Checksums-Sha256:
 08058d1fe32f140c039d694a7784b51dc27c76e3f5c22307de01a33b3f573274 169254 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_ppc64el.deb
 f779e2a5192fcd2aeea8513055512bcda352d2d533d533807933dd612a465344 8721 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_ppc64el.buildinfo
 15278227affed0ec95777f8603611d90e133be7ccc955ec6659c707b78cfd0dd 56686 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_ppc64el.deb
Files:
 0898789543c83f36630ff0f3751580c6 169254 debug extra libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_ppc64el.deb
 f63ee13cf27b61b5f99c255344c74236 8721 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_ppc64el.buildinfo
 4a4ce82ae72df9882b5dfccf701fa99a 56686 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEESZnjoMixcpIN39XaTBEvRMBfwSMFAlyWP24ACgkQTBEvRMBf
wSOQhw//XIvML6H97lr/pFPA4uLLPI10haf8L4uRNlb3EK3qBypTXpixQ7oLDlI+
JK3J+n5kSCMmjHr9T/53M4ZWS2PMYOArH0d5Jkv4rNIHgHkIjlqlzjMZEjChvTkd
MYdLqC5KMKYV8hslaOaH9YOOuCe3PD9huq/JT03mtBn+6VdnC9LtPw1z+ygP/vgP
D2kMXPeeTk6I9v5hUBtXNZlw+2XOM5BKMC4h/vHKK/+r3JAhBjJun0QBNmp+OkBh
5AQbuRjWXWTnbM71p2GaQIec3YB5IVZy1z+lF4amlFuRYpU/2IccVJvFdRTfHAop
HxTh2/SV+gXsXwh+V9vBMeLi4wnfiJjz3YUNB87H9lzpsUW7EwZPwv/o19Naz23y
e6uTvBeKZWNVzQq0Mpm8BZi/iVl8r3IWyBo1JsoJWPaCYdGSMk6LxTO0oufeV7sT
oaed3G2WpKd2eAk2bD3oH+D+PBtl+C8e9OqIRFyTocgcmtYBD0hivgpqutpdesVd
5JmtMrwGMkNJKlV42LvdXTf3S1zj1YdpXHWO2w863F51e2Zw7DNfp7EJXSC2mucD
y4YcorYNqKgjgpynwJxrLxtqj5s4OACUfnBlXA7OAl3NUIQsk/RfwrZpClQfzg1F
ydDJenJUcECvx02GdASi8vSAstvyVkaCCYfLjE/iyVPZrYr0kWs=
=D3zq
-----END PGP SIGNATURE-----