binary_package_name: null
trusted_certs: null
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
Format: 1.8
Date: Fri, 27 Aug 2021 13:10:19 -0400
Source: shiro
Binary: libshiro-java
Architecture: all
Version: 1.3.2-5
Distribution: sid
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Description:
libshiro-java - Apache Shiro - Java Security Framework
Closes: 955018 968753
Changes:
shiro (1.3.2-5) unstable; urgency=medium
.
* Team upload.
* Update patch for Spring Framework 4.3.x build failure.
* Cherry-pick upstream patch with Guice improvements.
* CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
could cause an authentication bypass. (Closes: #955018)
* CVE-2020-11989: Fix an encoding issue introduced in the handling of the
previous CVE-2020-1957 path-traversal issue which could have also caused an
authentication bypass.
* CVE-2020-13933: Fix an authentication bypass resulting from a specially
crafted HTTP request. (Closes: #968753)
* CVE-2020-17510: Fix an authentication bypass resulting from a specially
crafted HTTP request.
Checksums-Sha1:
2a6f24e47323402ed55d83a7c7ee5a9320d167c9 576040 libshiro-java_1.3.2-5_all.deb
c4d1529cc11aa28cf99341521a503da1691561a6 14451 shiro_1.3.2-5_arm64.buildinfo
Checksums-Sha256:
6ec7d102f9cb8125314e37aba6138d71010f4998e17e2b2b275c6177bdcc1088 576040 libshiro-java_1.3.2-5_all.deb
a4c132cba42f2f3a14a899bf286a409d62423c3b9c7a78c6d92f9d1bb3c793c4 14451 shiro_1.3.2-5_arm64.buildinfo
Files:
a5f3714ce94f523bb662587f9e22203d 576040 java optional libshiro-java_1.3.2-5_all.deb
4a12a5f45efb27b0b18ffbd7b3dc3f47 14451 java optional shiro_1.3.2-5_arm64.buildinfo
Relation | Direction | Type | Name | |
---|---|---|---|---|
relates-to | Package upload | shiro_1.3.2-5 |
|