libapache2-mod-auth-mellon (0.13.1-1ubuntu0.3) bionic-security; urgency=medium * SECURITY UPDATE: open redirect vulnerability - debian/patches/CVE-2021-3639.patch: prevent redirect to URLs that begin with /// in auth_mellon_util.c. - CVE-2021-3639 -- Marc Deslauriers Wed, 04 Aug 2021 10:17:24 -0400 libapache2-mod-auth-mellon (0.13.1-1ubuntu0.2) bionic-security; urgency=medium * SECURITY UPDATE: open redirect issue - debian/patches/CVE-2019-13038-1.patch: prevent schemes without hostname in auth_mellon_util.c. - debian/patches/CVE-2019-13038-2.patch: add error message in auth_mellon_util.c. - CVE-2019-13038 -- Marc Deslauriers Fri, 22 Nov 2019 12:44:27 -0500 libapache2-mod-auth-mellon (0.13.1-1ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: Open redirect in logout - debian/patches/CVE-2019-3877.patch: fix in auth_mellon_util.c. - CVE-2019-3877 * SECURITY UPDATE: Authentication bypass - debian/patches/CVE-2019-3878.patch: fix in mod_auth_mellon.c. - CVE-2019-3878 -- Leonidas S. Barbosa Wed, 27 Mar 2019 10:36:21 -0300 libapache2-mod-auth-mellon (0.13.1-1build2) bionic; urgency=medium * No-change rebuild against libcurl4 -- Steve Langasek Wed, 28 Feb 2018 07:03:42 +0000 libapache2-mod-auth-mellon (0.13.1-1build1) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov Mon, 05 Feb 2018 22:32:52 +0000 libapache2-mod-auth-mellon (0.13.1-1) unstable; urgency=medium * New upstream release. - Obsoles backported security patches. * Checked for policy 4.0.0, no changes necessary. -- Thijs Kinkhorst Sun, 09 Jul 2017 14:13:45 +0000 libapache2-mod-auth-mellon (0.12.0-2) unstable; urgency=high * Backport upstream patches for security issues: - Fix a denial of service attack in the logout handler. - Fix a cross-site session transfer vulnerability [CVE-2017-6807]. -- Thijs Kinkhorst Mon, 13 Mar 2017 13:06:19 +0000 libapache2-mod-auth-mellon (0.12.0-1) unstable; urgency=high * New upstream release. - Fixes Denial of Service issues [CVE-2016-2145, CVE-2016-2146]. * Checked for policy 3.6.7, no changes. -- Thijs Kinkhorst Wed, 09 Mar 2016 10:13:05 +0000 libapache2-mod-auth-mellon (0.11.0-1) unstable; urgency=medium * New upstream release. * Depend on authn_core in Apache module definition, it's needed for the "AuthType" command to work. -- Thijs Kinkhorst Fri, 18 Sep 2015 13:23:06 +0000 libapache2-mod-auth-mellon (0.10.0-1) unstable; urgency=medium * New upstream release. * Update Standards-Version to 3.9.6, no changes required. -- Thijs Kinkhorst Wed, 29 Apr 2015 14:26:09 +0000 libapache2-mod-auth-mellon (0.9.1-1) unstable; urgency=medium * New upstream release. Fixes CVE-2014-8566. -- Thijs Kinkhorst Mon, 01 Sep 2014 10:24:58 +0000 libapache2-mod-auth-mellon (0.9.0-1) unstable; urgency=medium * New upstream release. Fixes CVE-2014-8567. * Upstream moved to github: update homepage, watch and copyright. * Switched to collab-maint: update Vcs-* fields. -- Thijs Kinkhorst Fri, 29 Aug 2014 13:13:12 +0000 libapache2-mod-auth-mellon (0.7.0-1) unstable; urgency=low * New upstream release. - Incorporates ap-2.4-compat.patch. -- Thijs Kinkhorst Wed, 05 Jun 2013 12:58:50 +0200 libapache2-mod-auth-mellon (0.6.1-3) unstable; urgency=low * Upload to unstable. -- Thijs Kinkhorst Mon, 27 May 2013 16:30:08 +0200 libapache2-mod-auth-mellon (0.6.1-2) experimental; urgency=low * Rebuild for Apache 2.4. -- Thijs Kinkhorst Tue, 07 May 2013 10:41:42 +0200 libapache2-mod-auth-mellon (0.6.1-1) unstable; urgency=low * New upstream release 0.6.1. -- Thijs Kinkhorst Fri, 22 Mar 2013 13:23:40 +0100 libapache2-mod-auth-mellon (0.6.0-1) unstable; urgency=low * New upstream release 0.6.0. -- Thijs Kinkhorst Mon, 18 Mar 2013 09:55:00 +0100 libapache2-mod-auth-mellon (0.6.0~rc1-1) unstable; urgency=low * Add self as Debian package maintainer. * Update to debhelper 9, dh(1), policy 3.9.4, source format 3. -- Thijs Kinkhorst Wed, 06 Mar 2013 18:46:04 +0100 libapache2-mod-auth-mellon (0.5.0-1) unstable; urgency=low * Update version to 0.5.0. -- Olav Morken Fri, 09 Mar 2012 12:11:29 +0100 libapache2-mod-auth-mellon (0.4.0-1) unstable; urgency=low * Update version to 0.4.0. -- Olav Morken Wed, 18 May 2011 12:41:53 +0200 libapache2-mod-auth-mellon (0.3.0-1) unstable; urgency=low * Update version to 0.3.0. -- Olav Morken Thu, 12 Aug 2010 12:52:21 +0200 libapache2-mod-auth-mellon (0.2.7-1) unstable; urgency=low * Update version to 0.2.7. -- Olav Morken Mon, 31 May 2010 14:44:17 +0200 libapache2-mod-auth-mellon (0.2.6-1) unstable; urgency=low * Update version to 0.2.6. -- Olav Morken Mon, 16 Nov 2009 08:22:23 +0100 libapache2-mod-auth-mellon (0.2.5-1) unstable; urgency=low * Update version to 0.2.5. -- Olav Morken Mon, 16 Nov 2009 08:22:23 +0100 libapache2-mod-auth-mellon (0.2.4-1) unstable; urgency=low * Update version to 0.2.4. -- Olav Morken Tue, 11 Aug 2009 15:48:35 +0200 libapache2-mod-auth-mellon (0.2.3-1) unstable; urgency=low * Update version to 0.2.3. -- Olav Morken Fri, 07 Aug 2009 14:52:53 +0200 libapache2-mod-auth-mellon (0.2.2-1) unstable; urgency=low * Update version to 0.2.2. -- Olav Morken Fri, 07 Aug 2009 10:43:31 +0200 libapache2-mod-auth-mellon (0.2.0-1) unstable; urgency=low * Update version to 0.2.0. -- Olav Morken Wed, 13 May 2009 07:57:09 +0100 libapache2-mod-auth-mellon (0.1.1-1) unstable; urgency=low * Update version to 0.1.1. -- Olav Morken Fri, 6 Mar 2009 08:57:16 +0100 libapache2-mod-auth-mellon (0.1.0-1) unstable; urgency=low * Update version to 0.1.0. -- Olav Morken Tue, 11 Nov 2008 21:50:25 +0100 libapache2-mod-auth-mellon (0.0.7-1) unstable; urgency=low * Update version to 0.0.7. -- Olav Morken Tue, 1 Jul 2008 15:45:23 +0200 libapache2-mod-auth-mellon (0.0.6-1) unstable; urgency=low * Update version to 0.0.6. -- Olav Morken Wed, 15 Aug 2007 14:03:23 +0200 libapache2-mod-auth-mellon (0.0.5-1) unstable; urgency=low * Update version to 0.0.5. -- Olav Morken Wed, 8 Aug 2007 11:36:13 +0200 libapache2-mod-auth-mellon (0.0.4-1) unstable; urgency=low * Update version to 0.0.4. -- Olav Morken Tue, 7 Aug 2007 10:30:43 +0200 libapache2-mod-auth-mellon (0.0.3-1) unstable; urgency=low * Update version to 0.0.3. -- Olav Morken Fri, 13 Jul 2007 14:30:05 +0200 libapache2-mod-auth-mellon (0.0.2-1) unstable; urgency=low * Update version to 0.0.2. -- Olav Morken Tue, 10 Jul 2007 08:55:49 +0200 libapache2-mod-auth-mellon (0.0.1-1) unstable; urgency=low * Initial release -- Olav Morken Mon, 9 Jul 2007 09:52:45 +0200