Publishing details

Changelog

libapache2-mod-auth-mellon (0.12.0-2+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high

  * Upload to stable-security (closes: #925197)
    - Auth bypass when used with reverse proxy [CVE-2019-3878]
    - Open redirect vulnerability in logout [CVE-2019-3877]

libapache2-mod-auth-mellon (0.12.0-2) unstable; urgency=high

  * Backport upstream patches for security issues:
    - Fix a denial of service attack in the logout handler.
    - Fix a cross-site session transfer vulnerability [CVE-2017-6807].

 -- Eduardo Barretto <email address hidden>  Wed, 21 Oct 2020 16:38:13 -0300

Available diffs

Builds

Built packages

Package files