ELSA-2022-1823 -- Oracle mod_auth_openidc_cjoseID: oval:org.secpod.oval:def:1505677 | Date: (C)2022-05-24 (M)2023-11-13 |
Class: PATCH | Family: unix |
cjose [0.6.1-2] - fix concatkdf big endian architecture problem. Upstream issue #77. [0.6.1-1] - upgrade to latest upstream 0.6.1 [0.5.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [0.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.5.1-1] - Initial packaging mod_auth_openidc [2.3.7-11] - Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On [2.3.7-10] - Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a reused key in AES GCM encryption [rhel-8] [2.3.7-9] - Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL in the target_link_uri parameter
Product: |
mod_auth_openidc |
cjose |