-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Apr 2024 14:20:00 +0200
Source: libapache2-mod-auth-openidc
Binary: libapache2-mod-auth-openidc libapache2-mod-auth-openidc-dbgsym
Architecture: ppc64el
Version: 2.4.12.3-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Moritz Schlarb <schlarbm@uni-mainz.de>
Description:
 libapache2-mod-auth-openidc - OpenID Connect Relying Party implementation for Apache
Closes: 1064183
Changes:
 libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks
     cookie value made the server vulnerable to a Denial of Service (DoS)
     attack. If an attacker manipulated the value of the OpenIDC cookie to a
     very large integer like 99999999, the server struggled with the request for
     a long time and finally returned a 500 error. Making a few requests of this
     kind caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash with
     minimal effort. (Closes: #1064183)
Checksums-Sha1:
 dc4a9232f13ff3dce71a72f66eb80ff7f37f13eb 349000 libapache2-mod-auth-openidc-dbgsym_2.4.12.3-2+deb12u1_ppc64el.deb
 687a2760ce62bfed04771a4fa20f524d0701e854 7982 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_ppc64el-buildd.buildinfo
 f379c402f36dd771ca1bda6bec758b1220155822 189844 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_ppc64el.deb
Checksums-Sha256:
 c2b1361e00f00523d8947a8ff3ea406396f58f4c434ca289f81b89d68ba3181a 349000 libapache2-mod-auth-openidc-dbgsym_2.4.12.3-2+deb12u1_ppc64el.deb
 a36a079541daebc6984af86152dd40d83ebc8862f40ff80fe004841b82b84a4e 7982 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_ppc64el-buildd.buildinfo
 e275d74a1f8f13dba4557254ed09ae725e9c141630f3c22a29a2963684562637 189844 libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_ppc64el.deb
Files:
 12bf6cab95d64a1fb26e993451786a11 349000 debug optional libapache2-mod-auth-openidc-dbgsym_2.4.12.3-2+deb12u1_ppc64el.deb
 9ce6b34adff6f052cea4c8657007fefd 7982 httpd optional libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_ppc64el-buildd.buildinfo
 a58cffb1ca60a3c439e74a5e155c4ac0 189844 httpd optional libapache2-mod-auth-openidc_2.4.12.3-2+deb12u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5hbnFkJlczvLwwS0Y7DdE4sWZ/UFAmYmm4wACgkQY7DdE4sW
Z/Wwyw/+LfKFmnjwpOuyRh+enGdXn9lA8ZE+4vVGex9QRMCt+ek+NINIZ6t2QsNa
3ATpZ07Dj8l8x5vEvddpZX+QuCip6Ki2mFwI5RiqwywpIUIUkigTOpXSMbX9lpEo
nhJ8J3UeVFLVLRdo6Bx62qsO5hJJoscx/jrJPrBO7T5o3WWsOknz161qR6gr0eB1
tU73xuefzjbu8B9T9AzIC672wFjpx8iW6vqks9CKA25u7sg9pZDg3LFR27PSTT4L
dFnLYEbNHFzftFUyhscEyqMP/oRoQrGewr3WeygXws9ABFqpf50OXv6yYOYbEh6+
XzBHi4frpNbViJ5ezG0h1fbF9UF2ZQxCnxr8esDRT8zwc/9y7uslxjcq5tjlyqeL
bpKXpuYjaEF3rK48gcORTKLMqeSxxMIQ5pH/v8iX38ZPifSqo51cjbVBv2pTMdjm
ubHkAYdoArJzXCR2sxG96b/qO3FTFYW+AFSNBhqnhp0n64pXW076PW1WLy9HL8fm
k0zpdoftkl7gbuWXPhXG1iJuDE74n5bZHN8L5110p9HA9/6KvqTkTi7J6v6F8Bxz
Ndq5m64GzE9nr1bYXqTDuWTLQoTimRvF95PSQGstr8wYyJzZz4ZEkczjhKDy258a
84o9Be5AwjkJAsg1+FocRaaMjQ33H35nfw6lDGIFoEKqdAYg0KU=
=qsjU
-----END PGP SIGNATURE-----