Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2012-2760: Information disclosure

Related Vulnerabilities: CVE-2012-2760  

Source

Debian Bug report logs - #674165
CVE-2012-2760: Information disclosure

version graph

Package: libapache2-mod-auth-openid; Maintainer for libapache2-mod-auth-openid is Debian QA Group <packages@qa.debian.org>; Source for libapache2-mod-auth-openid is src:libapache2-mod-auth-openid (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Wed, 23 May 2012 14:39:01 UTC

Severity: grave

Tags: security

Fixed in version libapache2-mod-auth-openid/0.7-0.1

Done: Clint Adams <clint@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, NIIBE Yutaka <gniibe@fsij.org>:
Bug#674165; Package libapache2-mod-auth-openid. (Wed, 23 May 2012 14:39:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, NIIBE Yutaka <gniibe@fsij.org>. (Wed, 23 May 2012 14:39:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-2760: Information disclosure
Date: Wed, 23 May 2012 16:36:22 +0200
Package: libapache2-mod-auth-openid
Severity: grave
Tags: security

Please see http://seclists.org/fulldisclosure/2012/May/238

Cheers,
        Moritz

Reply sent to Clint Adams <clint@debian.org>:
You have taken responsibility. (Thu, 31 May 2012 22:21:18 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Thu, 31 May 2012 22:21:18 GMT) (full text, mbox, link).

Message #10 received at 674165-close@bugs.debian.org (full text, mbox, reply):

From: Clint Adams <clint@debian.org>
To: 674165-close@bugs.debian.org
Subject: Bug#674165: fixed in libapache2-mod-auth-openid 0.7-0.1
Date: Thu, 31 May 2012 22:19:23 +0000
Source: libapache2-mod-auth-openid
Source-Version: 0.7-0.1

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-auth-openid, which is due to be installed in the Debian FTP archive:

libapache2-mod-auth-openid_0.7-0.1.debian.tar.gz
  to main/liba/libapache2-mod-auth-openid/libapache2-mod-auth-openid_0.7-0.1.debian.tar.gz
libapache2-mod-auth-openid_0.7-0.1.dsc
  to main/liba/libapache2-mod-auth-openid/libapache2-mod-auth-openid_0.7-0.1.dsc
libapache2-mod-auth-openid_0.7-0.1_amd64.deb
  to main/liba/libapache2-mod-auth-openid/libapache2-mod-auth-openid_0.7-0.1_amd64.deb
libapache2-mod-auth-openid_0.7.orig.tar.gz
  to main/liba/libapache2-mod-auth-openid/libapache2-mod-auth-openid_0.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 674165@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Clint Adams <clint@debian.org> (supplier of updated libapache2-mod-auth-openid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 31 May 2012 15:27:10 -0400
Source: libapache2-mod-auth-openid
Binary: libapache2-mod-auth-openid
Architecture: source amd64
Version: 0.7-0.1
Distribution: unstable
Urgency: low
Maintainer: NIIBE Yutaka <gniibe@fsij.org>
Changed-By: Clint Adams <clint@debian.org>
Description: 
 libapache2-mod-auth-openid - OpenID authentication module for Apache2
Closes: 603916 619768 634801 644527 674165
Changes: 
 libapache2-mod-auth-openid (0.7-0.1) unstable; urgency=low
 .
   * NMU
   * New upstream version.  closes: #644527.
     - Fixes CVE-2012-2760: Information disclosure; closes: #674165.
     - Fixes breakage on https; closes: #634801.
     - Update DESTDIR patch.
   * Bump to Standards-Version 3.9.3.
   * Fix watch file.
   * Update Homepage.  closes: #603916.
   * Convert README.Debian from EUC-JP to UTF-8.  closes: #619768.
Checksums-Sha1: 
 ef67293a459755ea478ab8202fc08b5e5bc253f2 2036 libapache2-mod-auth-openid_0.7-0.1.dsc
 2ebf6e446aedefc5c2a4523ab05c359a1dcf6f25 352757 libapache2-mod-auth-openid_0.7.orig.tar.gz
 4888baa683313012cb5c7dd16e2b3e788821c89e 5644 libapache2-mod-auth-openid_0.7-0.1.debian.tar.gz
 94b658a6168ce4d6f07426224155eb62f59fc2c5 66204 libapache2-mod-auth-openid_0.7-0.1_amd64.deb
Checksums-Sha256: 
 bc50b678e8792520a8208d381712127422583d2a0ce448ce63ea9f2dd944b619 2036 libapache2-mod-auth-openid_0.7-0.1.dsc
 58cb927121d39557a3593b10db8c960440295fb49cddf8120d6a5b521877ed4c 352757 libapache2-mod-auth-openid_0.7.orig.tar.gz
 97c897eefca38b4d7caa94c09ea6da72d2c614309c6f4e5326dc1aa690326183 5644 libapache2-mod-auth-openid_0.7-0.1.debian.tar.gz
 c8df13e61f702562a00500cd9e7a3c20e4ce183d8a34b6cb5ac317ad6223e316 66204 libapache2-mod-auth-openid_0.7-0.1_amd64.deb
Files: 
 06de11b57395725d86138077405a144a 2036 httpd extra libapache2-mod-auth-openid_0.7-0.1.dsc
 be61ca96e5247eeecab225de5d612524 352757 httpd extra libapache2-mod-auth-openid_0.7.orig.tar.gz
 9f504646c5b37377db0fefde1a332a7c 5644 httpd extra libapache2-mod-auth-openid_0.7-0.1.debian.tar.gz
 222b6bacd0ae96bfcbae3c122a9f6099 66204 httpd extra libapache2-mod-auth-openid_0.7-0.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Debian!

iQIcBAEBCgAGBQJPx+2tAAoJEFWSMx4ZnTio75UP/1aqSOix6801PYd5/hV+DEbu
Aw19sHIMc56XdHF2/tfBRk20Ytb6tnHmdsyvzgIVox9d6szq1yiUS/xasjqjBMYg
WISFZvIz3pfaAacq9zFkLtyvDDxTpJv6+7qrU29cek1UD3ZKdZVrW/rFfVhsuwSm
dhGCYYAfV4wkpBeE1NhQycRrX6IeHDbHtrQ3K8sNaZg7LeMQmvt3KpT3SNBy3817
YOrTMgf1YzYE5LMxev3/T+wu2SgH+HpHqxibnSZYLWc4aYGlpNwVtPbfr+hsrIde
Aem8QIJwYmM7Qw7164RIPOrgRGqJqtSdxDgPjvASkfpwQsUXD8YWkRqqM/yiZvV1
aLqMH+FibbnyUcK3tOr2hCWrRwf9ODHmau6F/DqbrBD7ZnF4pidbhuJpGfILi9Q1
SRgElS1SA55wcIpi6DvfpuorfH4lwWqh+TwF1BHKD9VpkybyE8u5hgqspz9Eq/R5
KObVF/BLskICHWOSuNBoI+7pE/TscIgWkVPNSweV+SbCfOgfstaNGA9xCEAVVpkV
IL8ljvODERUIM6dsohjkvaxMi/G6SBY6nlXZX7lnk7tpDXrbgi/yRg3+jMiC+FSI
v4WGk3unDlo8z3qW7BG/35Vj30mr8Z6kWNERShKJOlRACrHPIPAf9/8ADOz4uuRi
h4c2kbmWDSXPhkU7R+VR
=P7OO
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 08:10:05 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:19:20 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started