-
libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high
* Upload to stable-security (closes: #925197)
- Auth bypass when used with reverse proxy [CVE-2019-3878]
- Open redirect vulnerability in logout [CVE-2019-3877]
-- Thijs Kinkhorst <email address hidden> Sat, 23 Mar 2019 13:29:19 +0000
-
libapache2-mod-auth-mellon (0.12.0-2) unstable; urgency=high
* Backport upstream patches for security issues:
- Fix a denial of service attack in the logout handler.
- Fix a cross-site session transfer vulnerability [CVE-2017-6807].
-- Thijs Kinkhorst <email address hidden> Mon, 13 Mar 2017 13:06:19 +0000
-
libapache2-mod-auth-mellon (0.12.0-1) unstable; urgency=high
* New upstream release.
- Fixes Denial of Service issues [CVE-2016-2145, CVE-2016-2146].
* Checked for policy 3.6.7, no changes.
-- Thijs Kinkhorst <email address hidden> Wed, 09 Mar 2016 10:13:05 +0000
-
libapache2-mod-auth-mellon (0.11.0-1) unstable; urgency=medium
* New upstream release.
* Depend on authn_core in Apache module definition, it's needed
for the "AuthType" command to work.
-- Thijs Kinkhorst <email address hidden> Fri, 18 Sep 2015 13:23:06 +0000
-
libapache2-mod-auth-mellon (0.10.0-1) unstable; urgency=medium
* New upstream release.
* Update Standards-Version to 3.9.6, no changes required.
-- Thijs Kinkhorst <email address hidden> Wed, 29 Apr 2015 14:26:09 +0000
-
libapache2-mod-auth-mellon (0.9.1-1) unstable; urgency=medium
* New upstream release.
-- Thijs Kinkhorst <email address hidden> Mon, 01 Sep 2014 10:24:58 +0000
