Format: 1.8
Date: Fri, 27 Aug 2021 13:10:19 -0400
Source: shiro
Binary: libshiro-java
Architecture: all
Version: 1.3.2-5
Distribution: sid
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Description:
 libshiro-java - Apache Shiro - Java Security Framework
Closes: 955018 968753
Changes:
 shiro (1.3.2-5) unstable; urgency=medium
 .
   * Team upload.
   * Update patch for Spring Framework 4.3.x build failure.
   * Cherry-pick upstream patch with Guice improvements.
   * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
     could cause an authentication bypass. (Closes: #955018)
   * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
     previous CVE-2020-1957 path-traversal issue which could have also caused an
     authentication bypass.
   * CVE-2020-13933: Fix an authentication bypass resulting from a specially
     crafted HTTP request. (Closes: #968753)
   * CVE-2020-17510: Fix an authentication bypass resulting from a specially
     crafted HTTP request.
Checksums-Sha1:
 2a6f24e47323402ed55d83a7c7ee5a9320d167c9 576040 libshiro-java_1.3.2-5_all.deb
 c4d1529cc11aa28cf99341521a503da1691561a6 14451 shiro_1.3.2-5_arm64.buildinfo
Checksums-Sha256:
 6ec7d102f9cb8125314e37aba6138d71010f4998e17e2b2b275c6177bdcc1088 576040 libshiro-java_1.3.2-5_all.deb
 a4c132cba42f2f3a14a899bf286a409d62423c3b9c7a78c6d92f9d1bb3c793c4 14451 shiro_1.3.2-5_arm64.buildinfo
Files:
 a5f3714ce94f523bb662587f9e22203d 576040 java optional libshiro-java_1.3.2-5_all.deb
 4a12a5f45efb27b0b18ffbd7b3dc3f47 14451 java optional shiro_1.3.2-5_arm64.buildinfo