| Release | Version |
|---|---|
| jessie | 1.2.1-1+deb8u1 |
| stretch | 1.3.1-1+deb9u1 |
| buster | 1.8.1-1 |
| bullseye | 1.9.1-1 |
| bookworm | 2.1.1-1 |
| trixie | 2.1.1-1 |
| sid | 2.1.1-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36599 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ... |
| CVE-2015-9284 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ... |
| Bug | Description |
|---|---|
| CVE-2017-18076 | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value ... |
| DSA / DLA | Description |
|---|---|
| DSA-4109-1 | ruby-omniauth - security update |