diff --git a/.gitignore b/.gitignore index 9b43547..fa44962 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/v2.4.9.1.tar.gz +SOURCES/v2.4.9.4.tar.gz diff --git a/.mod_auth_openidc.metadata b/.mod_auth_openidc.metadata index a96f6ee..8489896 100644 --- a/.mod_auth_openidc.metadata +++ b/.mod_auth_openidc.metadata @@ -1 +1 @@ -c0278298ef5541193c13eb297f721e3db1a68cd9 SOURCES/v2.4.9.1.tar.gz +47f8b949552c3d32f019c5cf785c4672dc0f8aae SOURCES/v2.4.9.4.tar.gz diff --git a/SPECS/mod_auth_openidc.spec b/SPECS/mod_auth_openidc.spec index 5f2d4a6..7c2cf34 100644 --- a/SPECS/mod_auth_openidc.spec +++ b/SPECS/mod_auth_openidc.spec @@ -14,7 +14,7 @@ %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc Name: mod_auth_openidc -Version: 2.4.9.1 +Version: 2.4.9.4 Release: 1%{?dist} Summary: OpenID Connect auth module for Apache HTTP Server @@ -94,6 +94,11 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache %changelog +* Tue Nov 30 2021 Tomas Halman - 2.4.9.4-1 +- Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect + by supplying a crafted URL in the target_link_uri + parameter + * Fri Jul 30 2021 Jakub Hrozek - 2.4.9.1-1 - Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using OIDCPreservePost On [rhel-9.0]