Information on source package libapache2-mod-auth-mellon

Available versions

ReleaseVersion
jessie0.9.1-1
stretch0.12.0-2+deb9u1
buster0.14.2-1
buster (security)0.14.2-1+deb10u1
bullseye0.17.0-1+deb11u1
bookworm0.18.1-1
trixie0.19.0-1
sid0.19.0-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2021-3639vulnerablevulnerable (no DSA)fixedfixedfixedfixedfixedA flaw was found in mod_auth_mellon where it does not sanitize logout ...
CVE-2019-13038vulnerable (no DSA, ignored)vulnerable (no DSA)fixedfixedfixedfixedfixedmod_auth_mellon through 0.14.2 has an Open Redirect via the login?Retu ...
CVE-2019-3877vulnerable (no DSA)fixedfixedfixedfixedfixedfixedA vulnerability was found in mod_auth_mellon before v0.14.2. An open r ...
CVE-2017-6807vulnerable (no DSA)fixedfixedfixedfixedfixedfixedmod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Tr ...
CVE-2016-2146vulnerable (no DSA)fixedfixedfixedfixedfixedfixedThe am_read_post_data function in mod_auth_mellon before 0.11.1 does n ...
CVE-2016-2145vulnerable (no DSA)fixedfixedfixedfixedfixedfixedThe am_read_post_data function in mod_auth_mellon before 0.11.1 does n ...

Resolved issues

BugDescription
CVE-2019-3878A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache ...
CVE-2014-8567The mod_auth_mellon module before 0.8.1 allows remote attackers to cau ...
CVE-2014-8566The mod_auth_mellon module before 0.8.1 allows remote attackers to obt ...

Security announcements

DSA / DLADescription
DLA-3359-1libapache2-mod-auth-mellon - security update
DSA-4414-1libapache2-mod-auth-mellon - security update

Search for package or bug name: Reporting problems