-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 19 Apr 2020 10:25:17 +0100 Source: shiro Binary: libshiro-java Architecture: source all Version: 1.2.3-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: libshiro-java - Apache Shiro - Java Security Framework Closes: 955018 Changes: shiro (1.2.3-1+deb8u1) jessie-security; urgency=high . * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an authentication bypass. (Closes: #955018) Checksums-Sha1: 88064e7263f3b1a9ec91796befcf693d57ffa5cd 2285 shiro_1.2.3-1+deb8u1.dsc 4bdd50507ffb9f13ae1e5540c7fc911d31a4e8a0 419336 shiro_1.2.3.orig.tar.xz 32087f2c75a609ba46600ffe680eced16b038ad7 4724 shiro_1.2.3-1+deb8u1.debian.tar.xz 0a667c5fc5f4e1ea470954b13b09e19b8126ade9 515790 libshiro-java_1.2.3-1+deb8u1_all.deb Checksums-Sha256: 651edc177427a8dc1d1b248f41e8ee2a6d50c8590cc5f7dff6bcbe9969111098 2285 shiro_1.2.3-1+deb8u1.dsc 6d63c1cbdd8e7f386221ded534edb48e6bf4d70a28900b8f6c9c29484c1c03e2 419336 shiro_1.2.3.orig.tar.xz 20ec4dc4742c23124425bc9ad475d5062c86444a98f6f9e286e1d3440275a65b 4724 shiro_1.2.3-1+deb8u1.debian.tar.xz 307094f40b849a8b66f0bb124e32613081a2780c0e7c90555e6de75298996f65 515790 libshiro-java_1.2.3-1+deb8u1_all.deb Files: dcf9140c8447a83fbdcd8e4d9b3f5e43 2285 java optional shiro_1.2.3-1+deb8u1.dsc 16f5c51973ff3ce5cc2b938bdd245950 419336 java optional shiro_1.2.3.orig.tar.xz 8705a2134104a30d05bbaffcbfdaf30b 4724 java optional shiro_1.2.3-1+deb8u1.debian.tar.xz 96033eca42851bf1c62604020980ac44 515790 java optional libshiro-java_1.2.3-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl6cGhMACgkQHpU+J9Qx HliSyw//XBxbF+qaJoiAQ9GCugecLKprBJhfgIyqqCa0fvyJrhVGRKAczUmgAoMx LBOTdo2ibW8RXjIa5VbmtBRl0F3keuuMAUJ0XPgmprjPxU6lC3O6zw3solmA9yN1 MafHA+XCdvpkbynJFZYjk5+xyTg7oyvycbCNpceYlF6J0JeiIauBPEAYqjq9SXI2 seL7mus+a9HOiETcvK2eh/zkSnLMDlt0j5ADGJbw3WA7QF4hpvhHY1509EJhtBr8 UwT301wXz4cHylY8kAbd1MwCAvPtQbMUFPZoSyurlbJ97iKPL2c3DkSI698g28Te hCNTDtSNgCF10ECLN3toPSe0zOYUEHJgPzlXQFhHNOcmmzW680o/XtheTMZKkrmS UUQP7WJPcAXonMRCjzAvDNUjdlHaebFKILDuyfzXxqkMlppyN53a+k6ohiY2vXK0 SrB3k3861RyVcE/pqWefD9K/I90LIzzt5aDYzPM1ncxnJd6cJ1s3gDhDnOvG6/WW L3b6ZVJ/L7QUoSH/f40rofK6JU6hEN2x9nWf/YPTDo82tc//uQgChVI2puduTHMD g4H7zL9/V6Gz/vHawDc+nEef2k4HOUngfW6QFyLsTNr/qD8cKK5pSCDT4phen3xJ 07ZqpGZ2ADqP4UGhDygR1iVoVL5g3e7nyhySGRNa9ugnaLGlxR8= =PvYI -----END PGP SIGNATURE-----