Format: 1.8
Date: Thu, 18 Apr 2024 14:27:26 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: arm64
Version: 2.4.9.4-0+deb11u4
Distribution: bullseye
Urgency: high
Maintainer: arm Build Daemon (arm-conova-03)
Changed-By: Moritz Schlarb
Description:
 libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.9.4-0+deb11u4) bullseye; urgency=high
 .
   * CVE-2024-24814: Missing input validation on
     mod_auth_openidc_session_chunks cookie value made the server
     vulnerable to a Denial of Service (DoS) attack. If an attacker
     manipulated the value of the OpenIDC cookie to a very large integer
     like 99999999, the server struggled with the request for a long time
     and finally returned a 500 error. Making a few requests of this kind
     caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash
     with minimal effort.
     (Closes: #1064183)