-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Mar 2019 13:29:19 +0000 Source: libapache2-mod-auth-mellon Binary: libapache2-mod-auth-mellon Architecture: i386 Version: 0.12.0-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Thijs Kinkhorst Description: libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache Closes: 925197 Changes: libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high . * Upload to stable-security (closes: #925197) - Auth bypass when used with reverse proxy [CVE-2019-3878] - Open redirect vulnerability in logout [CVE-2019-3877] Checksums-Sha1: c3c7200813c30cacc05cc5a1d5144eff07ebda79 149862 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_i386.deb 7c48c9274c5c439f875f3cc682379963c872164e 8796 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_i386.buildinfo f8d80f6a48773fb1ec60c2521d44d6e3e78a3a48 62730 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_i386.deb Checksums-Sha256: 7bc46058a795de359307f0f790e8406e57d5b80a58ee17a49c2f59567d904488 149862 libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_i386.deb 14fb9dda350bd204823072ee9333915b5815e3ee22b990a730f3954599ddf13a 8796 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_i386.buildinfo fe87ebfb4a231a0aa7631e215fccdbc954ac58c2583e78d67c6fbc4bcb5dda57 62730 libapache2-mod-auth-mellon_0.12.0-2+deb9u1_i386.deb Files: a8bf2a15548beb52a17e91aa7bd0c882 149862 debug extra libapache2-mod-auth-mellon-dbgsym_0.12.0-2+deb9u1_i386.deb 46449e669239393f7851298be8c7dced 8796 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_i386.buildinfo 71d0838e058f0d6cf1a0dd4882926b15 62730 web extra libapache2-mod-auth-mellon_0.12.0-2+deb9u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfQCLkDuIfHLCXwkJVmLYJthWcBwFAlyWPyQACgkQVmLYJthW cBzaMA/9F7Yy3nL1grGj5CSa6m/HcKCaLNJnX+BIUjXFHD5uS40Hy2XE0sebORI6 Ezg+plH9pRZQ28hkGXF8+oPk0z2q90WYuIvuN32vxApa90JAvxfNbWdX5UIUtElo lisY/pYGKuekM7Y0lmx4pWG+bWe5jtaLDYOHQ0smRSdeD5tqZRij4y2If4JqZPT+ QM9U9qBBd01it7HlICZFhXSglF+u05OzyvjC3WYAeERs+grw6nBE+sLLy5qribDy B6PtcCsoLyJt0UAQAeKOHZRQqJepawgMfIum22C+Wxit8eeoApntEc4ATL1+fHxs F0MauBWahOy8bR6XhWnUqxyeA7VPhIfDqtsludKr/O9qsN/0Q7lnqaR3vYd5ju6I U52aAcL3iUAmNBb24hMSzksJ95aZ7kC8rbyYfq68OdQWbd9+niZh9lypPpBql6+E d7RMyWZgCq9TYwMtIyIYLDG0rcaip2ZJXEfZS0gmGJ5hOmhEEmUnBOa19/oRKymC OiAAOvL0G156EzaMBI2BNl7qi9c7J5jh+SOGeed16KrgMHsLKl+NrZbjfutqUbrQ WYOhQvL/RYZ7uTwNqC89Q4DKI/arkgPRd/xinrojIrXDf+oQG1hzzlJy7Zz5czzJ 5DTP7DtUIXDGKNr08QEWMFTgyqR+XkJvKcpbkErQ5G2sjASxZMA= =JJon -----END PGP SIGNATURE-----