libapache2-mod-auth-mellon (0.13.1-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: open redirect vulnerability
    - debian/patches/CVE-2021-3639.patch: prevent redirect to URLs that
      begin with /// in auth_mellon_util.c.
    - CVE-2021-3639

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 04 Aug 2021 10:17:24 -0400

libapache2-mod-auth-mellon (0.13.1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: open redirect issue
    - debian/patches/CVE-2019-13038-1.patch: prevent schemes without
      hostname in auth_mellon_util.c.
    - debian/patches/CVE-2019-13038-2.patch: add error message in
      auth_mellon_util.c.
    - CVE-2019-13038

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 22 Nov 2019 12:44:27 -0500

libapache2-mod-auth-mellon (0.13.1-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Open redirect in logout
    - debian/patches/CVE-2019-3877.patch: fix in
      auth_mellon_util.c.
    - CVE-2019-3877
  * SECURITY UPDATE: Authentication bypass
    - debian/patches/CVE-2019-3878.patch: fix in
      mod_auth_mellon.c.
    - CVE-2019-3878

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 27 Mar 2019 10:36:21 -0300

libapache2-mod-auth-mellon (0.13.1-1build2) bionic; urgency=medium

  * No-change rebuild against libcurl4

 -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 28 Feb 2018 07:03:42 +0000

libapache2-mod-auth-mellon (0.13.1-1build1) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 05 Feb 2018 22:32:52 +0000

libapache2-mod-auth-mellon (0.13.1-1) unstable; urgency=medium

  * New upstream release.
    - Obsoles backported security patches.
  * Checked for policy 4.0.0, no changes necessary.

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 09 Jul 2017 14:13:45 +0000

libapache2-mod-auth-mellon (0.12.0-2) unstable; urgency=high

  * Backport upstream patches for security issues:
    - Fix a denial of service attack in the logout handler.
    - Fix a cross-site session transfer vulnerability [CVE-2017-6807]. 

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 13 Mar 2017 13:06:19 +0000

libapache2-mod-auth-mellon (0.12.0-1) unstable; urgency=high

  * New upstream release.
    - Fixes Denial of Service issues [CVE-2016-2145, CVE-2016-2146].
  * Checked for policy 3.6.7, no changes. 

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 09 Mar 2016 10:13:05 +0000

libapache2-mod-auth-mellon (0.11.0-1) unstable; urgency=medium

  * New upstream release.
  * Depend on authn_core in Apache module definition, it's needed
    for the "AuthType" command to work.

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 18 Sep 2015 13:23:06 +0000

libapache2-mod-auth-mellon (0.10.0-1) unstable; urgency=medium

  * New upstream release.
  * Update Standards-Version to 3.9.6, no changes required.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 29 Apr 2015 14:26:09 +0000

libapache2-mod-auth-mellon (0.9.1-1) unstable; urgency=medium

  * New upstream release. Fixes CVE-2014-8566.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 01 Sep 2014 10:24:58 +0000

libapache2-mod-auth-mellon (0.9.0-1) unstable; urgency=medium

  * New upstream release. Fixes CVE-2014-8567.
  * Upstream moved to github: update homepage, watch and copyright.
  * Switched to collab-maint: update Vcs-* fields. 

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 29 Aug 2014 13:13:12 +0000

libapache2-mod-auth-mellon (0.7.0-1) unstable; urgency=low

  * New upstream release.
    - Incorporates ap-2.4-compat.patch.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 05 Jun 2013 12:58:50 +0200

libapache2-mod-auth-mellon (0.6.1-3) unstable; urgency=low

  * Upload to unstable.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 27 May 2013 16:30:08 +0200

libapache2-mod-auth-mellon (0.6.1-2) experimental; urgency=low

  * Rebuild for Apache 2.4.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 07 May 2013 10:41:42 +0200

libapache2-mod-auth-mellon (0.6.1-1) unstable; urgency=low

  * New upstream release 0.6.1.

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 22 Mar 2013 13:23:40 +0100

libapache2-mod-auth-mellon (0.6.0-1) unstable; urgency=low

  * New upstream release 0.6.0.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 18 Mar 2013 09:55:00 +0100

libapache2-mod-auth-mellon (0.6.0~rc1-1) unstable; urgency=low

  * Add self as Debian package maintainer.
  * Update to debhelper 9, dh(1), policy 3.9.4, source format 3.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 06 Mar 2013 18:46:04 +0100

libapache2-mod-auth-mellon (0.5.0-1) unstable; urgency=low

  * Update version to 0.5.0.

 -- Olav Morken <olav.morken@uninett.no>  Fri, 09 Mar 2012 12:11:29 +0100

libapache2-mod-auth-mellon (0.4.0-1) unstable; urgency=low

  * Update version to 0.4.0.

 -- Olav Morken <olav.morken@uninett.no>  Wed, 18 May 2011 12:41:53 +0200

libapache2-mod-auth-mellon (0.3.0-1) unstable; urgency=low

  * Update version to 0.3.0.

 -- Olav Morken <olav.morken@uninett.no>  Thu, 12 Aug 2010 12:52:21 +0200

libapache2-mod-auth-mellon (0.2.7-1) unstable; urgency=low

  * Update version to 0.2.7.

 -- Olav Morken <olav.morken@uninett.no>  Mon, 31 May 2010 14:44:17 +0200

libapache2-mod-auth-mellon (0.2.6-1) unstable; urgency=low

  * Update version to 0.2.6.

 -- Olav Morken <olav.morken@uninett.no>  Mon, 16 Nov 2009 08:22:23 +0100

libapache2-mod-auth-mellon (0.2.5-1) unstable; urgency=low

  * Update version to 0.2.5.

 -- Olav Morken <olav.morken@uninett.no>  Mon, 16 Nov 2009 08:22:23 +0100

libapache2-mod-auth-mellon (0.2.4-1) unstable; urgency=low

  * Update version to 0.2.4.

 -- Olav Morken <olav.morken@uninett.no>  Tue, 11 Aug 2009 15:48:35 +0200

libapache2-mod-auth-mellon (0.2.3-1) unstable; urgency=low

  * Update version to 0.2.3.

 -- Olav Morken <olav.morken@uninett.no>  Fri, 07 Aug 2009 14:52:53 +0200

libapache2-mod-auth-mellon (0.2.2-1) unstable; urgency=low

  * Update version to 0.2.2.

 -- Olav Morken <olav.morken@uninett.no>  Fri, 07 Aug 2009 10:43:31 +0200

libapache2-mod-auth-mellon (0.2.0-1) unstable; urgency=low

  * Update version to 0.2.0.

 -- Olav Morken <olavmrk@gmail.com>  Wed,  13 May 2009 07:57:09 +0100

libapache2-mod-auth-mellon (0.1.1-1) unstable; urgency=low

  * Update version to 0.1.1.

 -- Olav Morken <olavmrk@gmail.com>  Fri,   6 Mar 2009 08:57:16 +0100

libapache2-mod-auth-mellon (0.1.0-1) unstable; urgency=low

  * Update version to 0.1.0.

 -- Olav Morken <olavmrk@gmail.com>  Tue,  11 Nov 2008 21:50:25 +0100

libapache2-mod-auth-mellon (0.0.7-1) unstable; urgency=low

  * Update version to 0.0.7.

 -- Olav Morken <olavmrk@gmail.com>  Tue,   1 Jul 2008 15:45:23 +0200

libapache2-mod-auth-mellon (0.0.6-1) unstable; urgency=low

  * Update version to 0.0.6.

 -- Olav Morken <olavmrk@gmail.com>  Wed,  15 Aug 2007 14:03:23 +0200


libapache2-mod-auth-mellon (0.0.5-1) unstable; urgency=low

  * Update version to 0.0.5.

 -- Olav Morken <olavmrk@gmail.com>  Wed,  8 Aug 2007 11:36:13 +0200


libapache2-mod-auth-mellon (0.0.4-1) unstable; urgency=low

  * Update version to 0.0.4.

 -- Olav Morken <olavmrk@gmail.com>  Tue,  7 Aug 2007 10:30:43 +0200


libapache2-mod-auth-mellon (0.0.3-1) unstable; urgency=low

  * Update version to 0.0.3.

 -- Olav Morken <olavmrk@gmail.com>  Fri, 13 Jul 2007 14:30:05 +0200


libapache2-mod-auth-mellon (0.0.2-1) unstable; urgency=low

  * Update version to 0.0.2.

 -- Olav Morken <olavmrk@gmail.com>  Tue, 10 Jul 2007 08:55:49 +0200


libapache2-mod-auth-mellon (0.0.1-1) unstable; urgency=low

  * Initial release

 -- Olav Morken <olavmrk@gmail.com>  Mon,  9 Jul 2007 09:52:45 +0200

