libapache2-mod-auth-openidc (2.4.15.7-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/debian/libapache2-mod-auth-openidc.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 397312
Browser: https://salsa.debian.org/debian/libapache2-mod-auth-openidc
Last scan: 2024-04-25 08:22:11+00
Next scan: 2024-05-01 08:10:00+00
CI pipeline status: failed

Debian changelog in Git:

libapache2-mod-auth-openidc (2.4.15.7-1) unstable; urgency=medium

  [ Hans Zandbelt ]
  * update to OpenIDC Github repository/organization

  [ Moritz Schlarb ]
  * Bump Standards-Version
  * New upstream version 2.4.15.7
    * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks
      cookie value made the server vulnerable to a Denial of Service (DoS)
      attack. If an attacker manipulated the value of the OpenIDC cookie to a
      very large integer like 99999999, the server struggled with the request for
      a long time and finally returned a 500 error. Making a few requests of this
      kind caused servers to become unresponsive, and so attackers could thereby
      craft requests that would make the server work very hard and/or crash with
      minimal effort. (Closes: #1064183)

 -- Moritz Schlarb <schlarbm@uni-mainz.de>  Thu, 18 Apr 2024 13:46:00 +0200

This branch is even with tag debian/2.4.15.7-1