FFe: Sync libapache2-mod-auth-openidc 1.5.5-1 (universe) from Debian testing (main)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libapache2-mod-auth-openidc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Please sync libapache2-
Explanation of FeatureFreeze exception:
- fix builds/runs on big endian machines
- improved security:
- using HttpOnly on cookies
- prevent timing attacks
- check for open redirects
- fix cache initialization/
For more detail see: https:/
Changelog entries since current utopic version 1.5.3-1:
libapache2-
* use HttpOnly on cookies; set OIDCCookiePath to /
-- Hans Zandbelt <email address hidden> Tue, 26 Aug 2014 09:23:43 +0200
libapache2-
* changelog line was too long; correct/simplify watch file
-- Hans Zandbelt <email address hidden> Thu, 14 Aug 2014 15:51:02 +0200
libapache2-
* correct debian directory for wheezy/jessie; watch file check .orig.tar.gz
-- Hans Zandbelt <email address hidden> Thu, 14 Aug 2014 15:03:52 +0200
libapache2-
* fix big endian issue
-- Hans Zandbelt <email address hidden> Thu, 14 Aug 2014 12:59:11 +0200
libapache2-
* build/test on big endian arch
-- Hans Zandbelt <email address hidden> Sun, 3 Aug 2014 22:27:07 +0200
| Hans Zandbelt (hzandbelt) wrote | #1 |
| Scott Kitterman (kitterman) wrote | #2 |
| Changed in libapache2-mod-auth-openidc (Ubuntu): | |
| status: | New → Fix Released |
while we're at it: 1.6.0-1 that goes in to Debian testing now fixes an additional build dependency issue and some more security improvements