Copied from
ubuntu xenial in
Private PPA for Ubuntu Security Team
by Eduardo Barretto
Changelog
libapache2-mod-auth-mellon (0.12.0-2+deb9u1build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian
libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high
* Upload to stable-security (closes: #925197)
- Auth bypass when used with reverse proxy [CVE-2019-3878]
- Open redirect vulnerability in logout [CVE-2019-3877]
libapache2-mod-auth-mellon (0.12.0-2) unstable; urgency=high
* Backport upstream patches for security issues:
- Fix a denial of service attack in the logout handler.
- Fix a cross-site session transfer vulnerability [CVE-2017-6807].
-- Eduardo Barretto <email address hidden> Wed, 21 Oct 2020 16:38:13 -0300