Change log for shiro package in Ubuntu

1 to 13 of 13 results
Published in focal-updates
Published in focal-security
shiro (1.3.2-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: improper authentication issue when receiving specially
    crafted HTTP request
    - debian/patches/CVE-2020-13933.patch: new global filter added to block
      invalid requests.
    - debian/patches/CVE-2020-17510_1_of_2.patch: enable normalization of
      backslashes in invalid request filter.
    - debian/patches/CVE-2020-17510_2_of_2.patch: disable session ID URL
      rewriting by default.
    - debian/patches/CVE-2020-1957_11989.patch: patch updated with additional
      testing.
    - debian/patches/05-guice-improvements.patch: support for Guice 4 added
      with patch also acting as an additional commit for the above patches.
    - CVE-2020-13933
    - CVE-2020-17510

 -- Evan Caville <email address hidden>  Tue, 08 Aug 2023 12:30:46 +1000
Published in noble-release
Published in mantic-release
Published in lunar-release
Obsolete in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
shiro (1.3.2-5) unstable; urgency=medium

  * Team upload.
  * Update patch for Spring Framework 4.3.x build failure.
  * Cherry-pick upstream patch with Guice improvements.
  * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
    could cause an authentication bypass. (Closes: #955018)
  * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
    previous CVE-2020-1957 path-traversal issue which could have also caused an
    authentication bypass.
  * CVE-2020-13933: Fix an authentication bypass resulting from a specially
    crafted HTTP request. (Closes: #968753)
  * CVE-2020-17510: Fix an authentication bypass resulting from a specially
    crafted HTTP request.

 -- Roberto C. Sánchez <email address hidden>  Fri, 27 Aug 2021 13:10:19 -0400

Superseded in focal-updates
Superseded in focal-security
shiro (1.3.2-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Improper Authentication
    - debian/patches/CVE-2020-1957_11989.patch: Fix a path-traversal issue
      where a specially-crafted request could cause an authentication bypass.
    - CVE-2020-1957
    - CVE-2020-11989

 -- Paulo Flabiano Smorigo <email address hidden>  Thu, 11 Feb 2021 12:53:26 +0000
Published in bionic-updates
Published in bionic-security
shiro (1.3.2-3~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Improper Authentication
    - debian/patches/CVE-2020-1957_11989.patch: Fix a path-traversal issue
      where a specially-crafted request could cause an authentication bypass.
    - CVE-2020-1957
    - CVE-2020-11989

 -- Paulo Flabiano Smorigo <email address hidden>  Thu, 11 Feb 2021 12:59:56 +0000
Superseded in jammy-release
Obsolete in impish-release
Obsolete in hirsute-release
Obsolete in groovy-release
Published in focal-release
Obsolete in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
shiro (1.3.2-4) unstable; urgency=medium

  * Team upload.
  * Remove powermock from B-D. See #875358.
  * Declare compliance with Debian Policy 4.3.0.
  * Install the NOTICE file with libshiro-java.docs.

 -- Markus Koschany <email address hidden>  Fri, 01 Mar 2019 22:36:03 +0100

Obsolete in cosmic-updates
Superseded in bionic-updates
Obsolete in cosmic-security
Superseded in bionic-security
Deleted in cosmic-proposed (Reason: moved to -updates)
Deleted in bionic-proposed (Reason: moved to -updates)
shiro (1.3.2-3~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11. LP: #1814133.

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
shiro (1.3.2-3) unstable; urgency=medium

  * Fixed the build failure with Java 11 (Closes: #912390)
  * Standards-Version updated to 4.2.1
  * Switch to debhelper level 11
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <email address hidden>  Thu, 29 Nov 2018 14:37:03 +0100

Superseded in disco-release
Obsolete in cosmic-release
Published in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
shiro (1.3.2-2) unstable; urgency=medium

  * Team upload.
  * Add missing build-dep on junit4 (Closes: #871325)

 -- tony mancill <email address hidden>  Thu, 17 Aug 2017 21:57:24 -0700

Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
shiro (1.3.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - New build dependency on libpowermock-java
    - Ignore the new hazelcast module
  * Depend on libtaglibs-standard-spec-java instead of libjstl1.1-java
  * debian/watch: Track the release tags on GitHub
  * Switch to debhelper level 10

 -- Emmanuel Bourg <email address hidden>  Wed, 16 Nov 2016 15:30:28 +0100

Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
shiro (1.2.5-2) unstable; urgency=medium

  * Team upload.
  * Fixed the build failure with Spring Framework 4.3.x (Closes: #834471)
  * Build with the DH sequencer instead of CDBS
  * Use secure Vcs-* URLs

 -- Emmanuel Bourg <email address hidden>  Fri, 19 Aug 2016 19:57:14 +0200

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
shiro (1.2.5-1) unstable; urgency=high

  * Team upload.
  * New upstream release.
    Fixes CVE-2016-4437 (Closes: #826653)
  * Bump Standards-Version to 3.9.8 (no changes).
  * Include reproducible build patch.
    Thank you to Chris Lamb. (Closes: #797296)

 -- tony mancill <email address hidden>  Sun, 12 Jun 2016 11:57:59 -0700

Superseded in yakkety-release
Published in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
shiro (1.2.4-1) unstable; urgency=medium

  * New upstream release
    - Removed the dependency on libguava-java
    - Refreshed the patch
    - Ignore the maven-toolchains-plugin
  * Set the source encoding to UTF-8

 -- Emmanuel Bourg <email address hidden>  Tue, 21 Jul 2015 14:52:02 +0200

Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
shiro (1.2.3-1) unstable; urgency=low


  * Initial release (Closes: #726534)

 -- Emmanuel Bourg <email address hidden>  Fri, 10 Oct 2014 00:51:44 +0200