Ubuntu
libapache2-mod-auth-openid package

version 0.5 is outdated, please replace with stable version 0.7

Bug #1046185 reported by SteelPangolin on 2012-09-05

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libapache2-mod-auth-openid (Ubuntu)	Expired	Undecided	Unassigned

Bug Description

https://github.com/bmuller/mod_auth_openid/commit/ff529a97073a689ea1ee743759465c6b745aead3 is version 0.7 of the master branch for this project. It fixes several security vulnerabilities related to the module's session cookies, and adds new features improving interop with OpenID providers that support Attribute Exchange (AX), such as Google's.

Tags:

CVE References

2012-2760

SteelPangolin (jeremy-bat-country) on 2012-09-20

visibility:

private → public

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2012-10-04:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in libapache2-mod-auth-openid (Ubuntu):
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-12-04:

[Expired for libapache2-mod-auth-openid (Ubuntu) because there has been no activity for 60 days.]

Changed in libapache2-mod-auth-openid (Ubuntu):
status:	Incomplete → Expired

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulibapache2-mod-auth-openid package