Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libapache2-mod-auth-open...@packages.debian.org
Control: affects -1 + src:libapache2-mod-auth-openidc

Please unblock package libapache2-mod-auth-openidc

Fixes CVE-2023-28625 "segfault DoS when OIDCStripCookies is set".

[ Reason ]
Fixes #1033916 by fixing CVE-2023-28625.

[ Impact ]
The CVE with
Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
would persist in the new stable release.

[ Tests ]
The patch has been verified by upstream and I have successfully tested the new package version in our infrastructure.

[ Risks ]
The newly added patch changes just two lines by adding a null pointer check. I don't see anything getting worse by that.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock libapache2-mod-auth-openidc/2.4.12.3-2