Bug 2069210 - mod_auth_openidc 2.4.9.4 security update not submitted to F36+ [NEEDINFO]
Summary: mod_auth_openidc 2.4.9.4 security update not submitted to F36+
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mod_auth_openidc
Version: 36
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Halman
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-03-28 13:33 UTC by Fabio Valentini
Modified: 2022-05-07 04:14 UTC (History)
5 users (show)

Fixed In Version: mod_auth_openidc-2.4.9.4-1.fc36
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-07 04:14:11 UTC
Type: Bug
aboscatt: needinfo? (spoore)


Attachments (Terms of Use)

Description Fabio Valentini 2022-03-28 13:33:30 UTC
Looks like the 2.4.9.4 security update was built only for Fedora 35, but not any other branch, not even Rawhide:
https://koji.fedoraproject.org/koji/packageinfo?packageID=21309

Please submit this update *at least* to F36 and Rawhide as well. Newer releases having an older version (especially one that does not have the fixes for CVE-2021-39191 from 2.4.9.4) is really bad.

Comment 3 Fedora Update System 2022-03-31 15:27:36 UTC
FEDORA-2022-814ee0c43b has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-814ee0c43b

Comment 4 Tomas Halman 2022-03-31 15:29:41 UTC
Rawhide is updated as well

Comment 5 Fedora Update System 2022-04-01 23:23:40 UTC
FEDORA-2022-814ee0c43b has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-814ee0c43b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-814ee0c43b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2022-05-07 04:14:11 UTC
FEDORA-2022-814ee0c43b has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.