Fedora has issued an advisory on December 25:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOA67H3SS5ZRPS5SX4RJN6XE5CLFBWHB/
The issue is fixed upstream in 2.4.12.2:
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53
Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
CC: (none) => nicolas.salguero
Status comment: (none) => Fixed upstream in 2.4.12.2
Noting that ns80 is already CC'd, assigning this SRPM with no constant maintainer globally.
Assignee: bugsquad => pkg-bugs
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Source RPM: apache-mod_auth_openidc-2.4.9.4-3.mga9.src.rpm => apache-mod_auth_openidc-2.4.9.4-1.mga8.src.rpm
openSUSE has issued an advisory for this on January 30: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/35VWK6P4EMFFBTSTFBNR74WRTYFBBBG3/
SUSE has issued an advisory on April 14:
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014465.html
The issue is fixed upstream in 2.4.13.2:
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr
Mageia 8 is also affected.
Version: 8 => Cauldron
Whiteboard: (none) => MGA8TOO
Status comment: Fixed upstream in 2.4.12.2 => Fixed upstream in 2.4.13.2
Summary: apache-mod_auth_openidc new security issue CVE-2022-23527 => apache-mod_auth_openidc new security issues CVE-2022-23527 and CVE-2023-28625
Debian has issued an advisory for CVE-2023-28625 on May 18: https://www.debian.org/security/2023/dsa-5405
Package was updated on Cauldron by ns80!
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
CC: (none) => geiger.david68210
Mageia 8 EOL
Resolution: (none) => OLD
Status: NEW => RESOLVED