-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 08 Jul 2020 15:37:03 +0100 Source: shiro Binary: libshiro-java Architecture: source all Version: 1.3.2-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: libshiro-java - Apache Shiro - Java Security Framework Closes: 955018 Changes: shiro (1.3.2-1+deb9u1) stretch-security; urgency=high . * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an authentication bypass. (Closes: #955018) * CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous CVE-2020-1957 path-traversal issue which could have also caused an authentication bypass. Checksums-Sha1: e5c24f50abefbfdb1dc462b36f47ee090936de84 2305 shiro_1.3.2-1+deb9u1.dsc 16e6971d0a4e49be931ef1be48cb23ed155ccc7e 478884 shiro_1.3.2.orig.tar.xz ef154d836b335656b6630ab917b9bb0d7cc2806b 5560 shiro_1.3.2-1+deb9u1.debian.tar.xz d045a686feb3b2e471a494ca0a6e01415880b403 558626 libshiro-java_1.3.2-1+deb9u1_all.deb 67557b25ff2f2c2c9dbcfef76f88b001f91f9223 15739 shiro_1.3.2-1+deb9u1_amd64.buildinfo Checksums-Sha256: 83f16fc4c7d7c509b8957e367413c7106c4edc824e7a18704eb02f20fa8a9d9f 2305 shiro_1.3.2-1+deb9u1.dsc ae9a3f73a64c05148de9a6c3c09852d3909add94776d47032ec8ff8befed8c5e 478884 shiro_1.3.2.orig.tar.xz ed9865c72e9955cb7d7b1f6cad1172c18b8e667e610822f5314973fa80b8217c 5560 shiro_1.3.2-1+deb9u1.debian.tar.xz 1f79cb9710514b073d2719a5246c01f04efdb9e52445952eb25746282e03b14e 558626 libshiro-java_1.3.2-1+deb9u1_all.deb 55c7ff4dd8ca7c6665785bb22d83f2fd2056de97888ae43e604e70dd0ab74db0 15739 shiro_1.3.2-1+deb9u1_amd64.buildinfo Files: 0bd5d85390a23aff00213ecb35549e51 2305 java optional shiro_1.3.2-1+deb9u1.dsc 030b2d8ebce394a581ce1a5248a21e0e 478884 java optional shiro_1.3.2.orig.tar.xz 3664a91ec2e8f0de69274a4002aab843 5560 java optional shiro_1.3.2-1+deb9u1.debian.tar.xz 6a8a8cfefc4740fca4126116dba50014 558626 java optional libshiro-java_1.3.2-1+deb9u1_all.deb 845b9cb43bd8094a0c226fc401ca2cc3 15739 java optional shiro_1.3.2-1+deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl8F3FIACgkQHpU+J9Qx HlhzWA/+NGbAIA2clIwAhmTwYO5kzqVyMzhU1hm0rIA7aW4FmRO2C9rZFUnHL4ZV F0UaPkngVTxILOoBbz6/v28mFDfkKvqmCWn4o5zLVCrm0f5Uw4TZ0k4AZeQSpR+Z YGh4k0EFtoc29cOPWumaMqo3LvYse71q3J+etnUS91N3nViqJCJvZrBBAEGZ5SpF kMOabVMrStCuB28hotaRQWMjYA/wviVFbwQ/RIMEn24cV67a5VxATMQGb3Qf2G8Y 1TFuB5ZtYnQ57h0N8uIzgJO28xFVENJXouugaf3EdEkXmLk0fT/8syHZ/01S+qWS n0cdetyZ7Kz4/yvBxZDZtP7dS0A66PZ81uquvGVDH6BT7lXgupT1sgaoV82DF9Hn 8hU7tUeIzP6uUmEtRfdv/4mx2bKE2BoJokq8AGLAmKAVR9clUwbMYYzyuH4qS8oO mtfXvok8eKfJLrtcpBRLeIHA8Xn/Yc3uBjLFYs7prhaPCd8uaR8K3ushGrbG5CpA qoLAYxn7D3Oh4NBsfVx/M8K2sURze2832h0Ol/SOXXvNr1KkaS4LtoDpLfLwewAm R7b3sMAiUCb5bD9B+rASCfwM4qzfQ3XyVFOD1dXe2/0fm/+flCSgJ7EDM0ldgbM8 nBtUgxTIeyxtLEtheYgnQQ3l9lXKmCjdKWXJJNjvPEoal9NQNaI= =9Mxk -----END PGP SIGNATURE-----
