Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
0001-Fix-CVE-2023-28625-segfault-DoS-when-OIDCStripCookie.patch | Fix CVE-2023-28625: segfault DoS when OIDCStripCookies is set | Moritz Schlarb <schlarbm@uni-mainz.de> | no | upstream, https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr | 2023-05-02 | |
0002-fix-DoS-CVE-2024-24814.patch | [PATCH] release 2.4.15.2: fix DoS CVE-2024-24814 fix CVE-2024-24814: DoS when 'OIDCSessionType client-cookie' is set and a crafted Cookie header is supplied https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv |
Hans Zandbelt <hans.zandbelt@openidc.com> | no | 2024-02-06 |