Publishing details

Published on 2023-09-07
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by Evan Caville

Changelog

shiro (1.3.2-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: improper authentication issue when receiving specially
    crafted HTTP request
    - debian/patches/CVE-2020-13933.patch: new global filter added to block
      invalid requests.
    - debian/patches/CVE-2020-17510_1_of_2.patch: enable normalization of
      backslashes in invalid request filter.
    - debian/patches/CVE-2020-17510_2_of_2.patch: disable session ID URL
      rewriting by default.
    - debian/patches/CVE-2020-1957_11989.patch: patch updated with additional
      testing.
    - debian/patches/05-guice-improvements.patch: support for Guice 4 added
      with patch also acting as an additional commit for the above patches.
    - CVE-2020-13933
    - CVE-2020-17510

 -- Evan Caville <email address hidden>  Tue, 08 Aug 2023 12:30:46 +1000

Available diffs

diff from 1.3.2-4ubuntu0.1 to 1.3.2-4ubuntu0.2 (17.7 KiB)

Builds

amd64

Built packages

libshiro-java Apache Shiro - Java Security Framework

Package files

libshiro-java_1.3.2-4ubuntu0.2_all.deb (551.6 KiB)
shiro_1.3.2-4ubuntu0.2.debian.tar.xz (20.1 KiB)
shiro_1.3.2-4ubuntu0.2.dsc (2.3 KiB)
shiro_1.3.2.orig.tar.xz (467.7 KiB)