Change log for shiro package in Ubuntu
1 → 13 of 13 results | First • Previous • Next • Last |
shiro (1.3.2-4ubuntu0.2) focal-security; urgency=medium * SECURITY UPDATE: improper authentication issue when receiving specially crafted HTTP request - debian/patches/CVE-2020-13933.patch: new global filter added to block invalid requests. - debian/patches/CVE-2020-17510_1_of_2.patch: enable normalization of backslashes in invalid request filter. - debian/patches/CVE-2020-17510_2_of_2.patch: disable session ID URL rewriting by default. - debian/patches/CVE-2020-1957_11989.patch: patch updated with additional testing. - debian/patches/05-guice-improvements.patch: support for Guice 4 added with patch also acting as an additional commit for the above patches. - CVE-2020-13933 - CVE-2020-17510 -- Evan Caville <email address hidden> Tue, 08 Aug 2023 12:30:46 +1000
Available diffs
Published in noble-release |
Published in mantic-release |
Published in lunar-release |
Obsolete in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
shiro (1.3.2-5) unstable; urgency=medium * Team upload. * Update patch for Spring Framework 4.3.x build failure. * Cherry-pick upstream patch with Guice improvements. * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an authentication bypass. (Closes: #955018) * CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous CVE-2020-1957 path-traversal issue which could have also caused an authentication bypass. * CVE-2020-13933: Fix an authentication bypass resulting from a specially crafted HTTP request. (Closes: #968753) * CVE-2020-17510: Fix an authentication bypass resulting from a specially crafted HTTP request. -- Roberto C. Sánchez <email address hidden> Fri, 27 Aug 2021 13:10:19 -0400
Available diffs
- diff from 1.3.2-4 to 1.3.2-5 (18.5 KiB)
shiro (1.3.2-4ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: Improper Authentication - debian/patches/CVE-2020-1957_11989.patch: Fix a path-traversal issue where a specially-crafted request could cause an authentication bypass. - CVE-2020-1957 - CVE-2020-11989 -- Paulo Flabiano Smorigo <email address hidden> Thu, 11 Feb 2021 12:53:26 +0000
Available diffs
shiro (1.3.2-3~18.04.1) bionic-security; urgency=medium * SECURITY UPDATE: Improper Authentication - debian/patches/CVE-2020-1957_11989.patch: Fix a path-traversal issue where a specially-crafted request could cause an authentication bypass. - CVE-2020-1957 - CVE-2020-11989 -- Paulo Flabiano Smorigo <email address hidden> Thu, 11 Feb 2021 12:59:56 +0000
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Obsolete in hirsute-release |
Obsolete in groovy-release |
Published in focal-release |
Obsolete in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
shiro (1.3.2-4) unstable; urgency=medium * Team upload. * Remove powermock from B-D. See #875358. * Declare compliance with Debian Policy 4.3.0. * Install the NOTICE file with libshiro-java.docs. -- Markus Koschany <email address hidden> Fri, 01 Mar 2019 22:36:03 +0100
Available diffs
- diff from 1.3.2-3 to 1.3.2-4 (860 bytes)
Obsolete in cosmic-updates |
Superseded in bionic-updates |
Obsolete in cosmic-security |
Superseded in bionic-security |
Deleted in cosmic-proposed (Reason: moved to -updates) |
Deleted in bionic-proposed (Reason: moved to -updates) |
shiro (1.3.2-3~18.04) bionic; urgency=medium * Backport for OpenJDK 11. LP: #1814133.
Available diffs
shiro (1.3.2-3) unstable; urgency=medium * Fixed the build failure with Java 11 (Closes: #912390) * Standards-Version updated to 4.2.1 * Switch to debhelper level 11 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg <email address hidden> Thu, 29 Nov 2018 14:37:03 +0100
Available diffs
- diff from 1.3.2-2 to 1.3.2-3 (1.6 KiB)
Superseded in disco-release |
Obsolete in cosmic-release |
Published in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
shiro (1.3.2-2) unstable; urgency=medium * Team upload. * Add missing build-dep on junit4 (Closes: #871325) -- tony mancill <email address hidden> Thu, 17 Aug 2017 21:57:24 -0700
Available diffs
- diff from 1.3.2-1 to 1.3.2-2 (516 bytes)
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
shiro (1.3.2-1) unstable; urgency=medium * Team upload. * New upstream release - New build dependency on libpowermock-java - Ignore the new hazelcast module * Depend on libtaglibs-standard-spec-java instead of libjstl1.1-java * debian/watch: Track the release tags on GitHub * Switch to debhelper level 10 -- Emmanuel Bourg <email address hidden> Wed, 16 Nov 2016 15:30:28 +0100
Available diffs
- diff from 1.2.5-2 to 1.3.2-1 (64.9 KiB)
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
shiro (1.2.5-2) unstable; urgency=medium * Team upload. * Fixed the build failure with Spring Framework 4.3.x (Closes: #834471) * Build with the DH sequencer instead of CDBS * Use secure Vcs-* URLs -- Emmanuel Bourg <email address hidden> Fri, 19 Aug 2016 19:57:14 +0200
Available diffs
- diff from 1.2.5-1 to 1.2.5-2 (1.3 KiB)
shiro (1.2.5-1) unstable; urgency=high * Team upload. * New upstream release. Fixes CVE-2016-4437 (Closes: #826653) * Bump Standards-Version to 3.9.8 (no changes). * Include reproducible build patch. Thank you to Chris Lamb. (Closes: #797296) -- tony mancill <email address hidden> Sun, 12 Jun 2016 11:57:59 -0700
Available diffs
- diff from 1.2.4-1 to 1.2.5-1 (12.1 KiB)
Superseded in yakkety-release |
Published in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
shiro (1.2.4-1) unstable; urgency=medium * New upstream release - Removed the dependency on libguava-java - Refreshed the patch - Ignore the maven-toolchains-plugin * Set the source encoding to UTF-8 -- Emmanuel Bourg <email address hidden> Tue, 21 Jul 2015 14:52:02 +0200
Available diffs
- diff from 1.2.3-1 to 1.2.4-1 (11.3 KiB)
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
shiro (1.2.3-1) unstable; urgency=low * Initial release (Closes: #726534) -- Emmanuel Bourg <email address hidden> Fri, 10 Oct 2014 00:51:44 +0200
1 → 13 of 13 results | First • Previous • Next • Last |