[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted shiro 1.3.2-4+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Aug 2021 14:25:38 -0400
Source: shiro
Architecture: source
Version: 1.3.2-4+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Closes: 955018 968753
Changes:
 shiro (1.3.2-4+deb10u1) buster; urgency=medium
 .
   * Update patch for Spring Framework 4.3.x build failure.
   * Cherry-pick upstream patch with Guice improvements.
   * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
     could cause an authentication bypass. (Closes: #955018)
   * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
     previous CVE-2020-1957 path-traversal issue which could have also caused an
     authentication bypass.
   * CVE-2020-13933: Fix an authentication bypass resulting from a specially
     crafted HTTP request. (Closes: #968753)
   * CVE-2020-17510: Fix an authentication bypass resulting from a specially
     crafted HTTP request.
Checksums-Sha1:
 aab103fd26c43b0469ee1829794653b50807e30f 2304 shiro_1.3.2-4+deb10u1.dsc
 99b972a2f8f451970ba45f8f5fb6ea5f4688c0b5 20664 shiro_1.3.2-4+deb10u1.debian.tar.xz
 3d05f08f0fa16a773c2bc9a737e58083f3e92d9c 13532 shiro_1.3.2-4+deb10u1_amd64.buildinfo
Checksums-Sha256:
 7646e5c7f259185e8be9b9927d2497817e69016883d82124d7efa487ca83e492 2304 shiro_1.3.2-4+deb10u1.dsc
 b2f260e52a7989904e8fcc9e37f312a5baf70ff9962e8507c9b91c54aa4a87bf 20664 shiro_1.3.2-4+deb10u1.debian.tar.xz
 404a351ad507275fd35a7e511adc813ab7f1514a7e93795b366e72e2f1a9e874 13532 shiro_1.3.2-4+deb10u1_amd64.buildinfo
Files:
 761e50460a9ebc5954f733f487b7c323 2304 java optional shiro_1.3.2-4+deb10u1.dsc
 00c4023645478c30532a3d12fc13a689 20664 java optional shiro_1.3.2-4+deb10u1.debian.tar.xz
 398676b667fbb59c9d8f4bbe3f90a936 13532 java optional shiro_1.3.2-4+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAmEsQIAACgkQLNd4Xt2n
sg8G6xAAklcoDI1mxel1uIKgWfpjaEI3eRCXUmKws0V+ewUDhHKpb5Obg3NXZcaO
4LPbowxV6t7vwmM5Krmm6e2seV+6SE2PY1uJgTt4PhembLezndwEqPYFwAOX6RAi
uv7zrx/PpQ9xxDxKIrBewWzbUrwAKElrqVale9ERmKMTv3kc1ZHP8S1dFqiu/aLJ
NuZSGBS+MFbJFe2oGGYdaPj+OT0AKL3XlH4EooujbjXTMlxT/2/9xAE3vwBuNSm9
VJveu9jiN9qKnNj5Po6yZ09kluq4eJGkL54Zo3MVKcIblLRBpx38r4djLmJrAYLM
SIYyefV6SpYn3k4NEyKpFTxXzZgRIHLHuyPoZ+Gn83dN1vmZqj/w73Z+cx8t+1DV
X8IswVaqo5n4mamn889iDCNX747TsoO2hbx1E9WB/HpgLqpuyABGs5/gRgRjFqFU
xKy/xQ54cxa3KknN7RqdjJi3PY9E2+0Kt8x7MeM5/ycpCbXlKLSB8KqwMPwZLPrT
zXvhL6wZq50GNANaDE+vPe2QZOR3QH+5asUMmf2PsdbhGGEoRbZwgRfRyzd1W+9G
1qGjX/bXSV/Fz/+XnCOagxfoe18EKioft6mzkCsdwHVH6NFdBp6i2paQ+/Q+GFBF
fu927ztaeZihZGWhDsjLoCZe3dNf1iICvxxVLyUBToW8Bn7g7bA=
=Yy/s
-----END PGP SIGNATURE-----


Reply to: