Changelog for mod_auth_openidc-1.8.8-7.el7.x86_64.rpm :
Mon Mar 16 13:00:00 2020 Jakub Hrozek - 1.8.8-7
- Fix a regression in the previous patches
- Related: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
issue exists in URLs with slash and backslash [rhel-7]

Mon Mar 16 13:00:00 2020 Jakub Hrozek - 1.8.8-6
- Resolves: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
issue exists in URLs with slash and backslash [rhel-7]
- Resolves: rhbz#1805067 - CVE-2019-14857 mod_auth_openidc: Open redirect
in logout url when using URLs with leading slashes
[rhel-7]

Tue Jan 29 13:00:00 2019 Jakub Hrozek - 1.8.8-5
- Resolves: rhbz#1626297 - CVE-2017-6413 mod_auth_openidc: OIDC_CLAIM and
OIDCAuthNHeader not skipped in an \"AuthType oauth20\"
configuration [rhel-7]

Tue Jan 29 13:00:00 2019 Jakub Hrozek - 1.8.8-4
- Resolves: rhbz#1626299 - CVE-2017-6059 mod_auth_openidc: Shows
user-supplied content on error pages [rhel-7]

Thu Mar 31 14:00:00 2016 John Dennis - 1.8.8-3
- fix unit test failure caused by apr_jwe_decrypt_content_aesgcm()
failing to null terminate decrypted string
Resolves: bug#1292561 New package: mod_auth_openidc

Tue Mar 29 14:00:00 2016 John Dennis - 1.8.8-2
- Add %check to run test
Resolves: bug#1292561 New package: mod_auth_openidc

Tue Mar 29 14:00:00 2016 John Dennis - 1.8.8-1
- Initial import
Resolves: bug#1292561 New package: mod_auth_openidc