Skip to content

Commit

Permalink
2.4.13.2: prevent DoS core dump with OIDCStripCookies; CVE-2023-28625
Browse files Browse the repository at this point in the history
GHSA-f5xw-rvfr-24qr

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
  • Loading branch information
zandbelt committed Mar 28, 2023
1 parent 00b9b8a commit c0e1eda
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
7 changes: 6 additions & 1 deletion ChangeLog
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
03/28/2023
- CVE-2023-28625: prevent core dump when OIDCStripCookies is set and a crafted Cookie header is supplied
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr
- release 2.4.13.2

03/27/2023
- fix code scanning alerts:
- fix code scanning alerts
- bump to 2.4.13.2rc2

03/24/2023
Expand Down
2 changes: 1 addition & 1 deletion configure.ac
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
AC_INIT([mod_auth_openidc],[2.4.13.2rc2],[hans.zandbelt@openidc.com])
AC_INIT([mod_auth_openidc],[2.4.13.2],[hans.zandbelt@openidc.com])

AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())

Expand Down

0 comments on commit c0e1eda

Please sign in to comment.