Publishing details

Published on 2023-04-25
Copied from debian sid in Primary Archive for Debian GNU/Linux

Changelog

shiro (1.3.2-5) unstable; urgency=medium

  * Team upload.
  * Update patch for Spring Framework 4.3.x build failure.
  * Cherry-pick upstream patch with Guice improvements.
  * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
    could cause an authentication bypass. (Closes: #955018)
  * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
    previous CVE-2020-1957 path-traversal issue which could have also caused an
    authentication bypass.
  * CVE-2020-13933: Fix an authentication bypass resulting from a specially
    crafted HTTP request. (Closes: #968753)
  * CVE-2020-17510: Fix an authentication bypass resulting from a specially
    crafted HTTP request.

 -- Roberto C. Sánchez <email address hidden>  Fri, 27 Aug 2021 13:10:19 -0400

Available diffs

diff from 1.3.2-4 to 1.3.2-5 (18.5 KiB)

Builds

Built packages

libshiro-java Apache Shiro - Java Security Framework

Package files

libshiro-java_1.3.2-5_all.deb (548.8 KiB)
shiro_1.3.2-5.debian.tar.xz (20.2 KiB)
shiro_1.3.2-5.dsc (2.2 KiB)
shiro_1.3.2.orig.tar.xz (467.7 KiB)