| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| fix-parallel-build.patch | Fix parallel build When building in parallel mode, test and test-cmd, compilations collide on stub.o We could force make -j1, but the Makefile would still be inherently badly written. |
Frédéric Bonnard <frediz@debian.org> | no | 2019-09-16 | ||
| 0002-Fix-CVE-2022-23527-prevent-open-redirect.patch | Fix CVE-2022-23527: prevent open redirect - CVE-2022-23527: prevent open redirect in default setup when OIDCRedirectURLsAllowed is not configured see: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53 |
Hans Zandbelt <hans.zandbelt@zmartzone.eu> | not-needed | backport, https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8 | 2022-12-20 | |
| 0003-Fix-CVE-2023-28625-segfault-DoS-when-OIDCStripCookie.patch | Fix CVE-2023-28625: segfault DoS when OIDCStripCookies is set | Hans Zandbelt <hans.zandbelt@zmartzone.eu> | no | upstream, https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr | 2023-05-02 | |
| 0004-fix-DoS-CVE-2024-24814.patch | [PATCH] release 2.4.15.2: fix DoS CVE-2024-24814 fix CVE-2024-24814: DoS when 'OIDCSessionType client-cookie' is set and a crafted Cookie header is supplied https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv |
Hans Zandbelt <hans.zandbelt@openidc.com> | no | 2024-02-06 |