[SECURITY] [DLA 2273-1] shiro security update
Package : shiro
Version : 1.3.2-1+deb9u1
CVE IDs : CVE-2020-1957 CVE-2020-11989
Debian Bug : #955018
It was discovered that there were two issues in shiro, a security
framework for Java applications:
* CVE-2020-1957: Fix a path-traversal issue where a
specially-crafted request could cause an authentication bypass.
* CVE-2020-11989: Fix an encoding issue introduced in the handling
of the previous CVE-2020-1957 path-traversal issue which itself
could have also caused an authentication bypass.
For Debian 9 "Stretch", these issues have been fixed in shiro version
1.3.2-1+deb9u1.
We recommend that you upgrade your shiro packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS