Package "libapache2-mod-auth-mellon"

  libapache2-mod-auth-mellon (0.13.1-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: open redirect vulnerability
    - debian/patches/CVE-2021-3639.patch: prevent redirect to URLs that
      begin with /// in auth_mellon_util.c.
    - CVE-2021-3639

 -- Marc Deslauriers <email address hidden> Wed, 04 Aug 2021 10:17:24 -0400

  libapache2-mod-auth-mellon (0.13.1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: open redirect issue
    - debian/patches/CVE-2019-13038-1.patch: prevent schemes without
      hostname in auth_mellon_util.c.
    - debian/patches/CVE-2019-13038-2.patch: add error message in
      auth_mellon_util.c.
    - CVE-2019-13038

 -- Marc Deslauriers <email address hidden> Fri, 22 Nov 2019 12:44:27 -0500

  libapache2-mod-auth-mellon (0.13.1-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Open redirect in logout
    - debian/patches/CVE-2019-3877.patch: fix in
      auth_mellon_util.c.
    - CVE-2019-3877
  * SECURITY UPDATE: Authentication bypass
    - debian/patches/CVE-2019-3878.patch: fix in
      mod_auth_mellon.c.
    - CVE-2019-3878

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 27 Mar 2019 10:36:21 -0300