-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 01 Aug 2021 02:12:29 -0400 Source: shiro Binary: libshiro-java Architecture: source Version: 1.3.2-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Roberto C. Sánchez <roberto@debian.org> Description: libshiro-java - Apache Shiro - Java Security Framework Closes: 968753 Changes: shiro (1.3.2-1+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. * Update patch for Spring Framework 4.3.x build failure. * Cherry-pick upstream patch with Guice improvements. * Update patch for CVE-2020-1957 with related test suite changes. * CVE-2020-13933: Fix an authentication bypass resulting from a specially crafted HTTP request. (Closes: #968753) * CVE-2020-17510: Fix an authentication bypass resulting from a specially crafted HTTP request. Checksums-Sha1: 43a184e54559e42bb63154bedee16446782d27d2 2308 shiro_1.3.2-1+deb9u2.dsc 662e37ead2cc6e8b689de50bd246feb69796074f 20360 shiro_1.3.2-1+deb9u2.debian.tar.xz 91254916cbb0279606466e30b61c677432e3955b 15943 shiro_1.3.2-1+deb9u2_amd64.buildinfo Checksums-Sha256: 685cfcaf5cf5fba3b34c11bfa3639877a93bc0671e198702d5c5b9af17be60ee 2308 shiro_1.3.2-1+deb9u2.dsc d3f3e537cbf9cf3d0ed921c1a5b3d09223bc7fdd91e81eb229145908195f6a94 20360 shiro_1.3.2-1+deb9u2.debian.tar.xz 707a8bd0336a94ef8ebafa78b161b37c1c775756e8803f53a40c17b7b2108998 15943 shiro_1.3.2-1+deb9u2_amd64.buildinfo Files: 4ec1f76ffbbf7ff1d7ab407f0398fdd4 2308 java optional shiro_1.3.2-1+deb9u2.dsc b4584dce28df4094770c8b8e46c1758b 20360 java optional shiro_1.3.2-1+deb9u2.debian.tar.xz 822d58eccf4762e3a9b356cb21d0c993 15943 java optional shiro_1.3.2-1+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAmEIWugACgkQLNd4Xt2n sg9npg/9GkdWNpojp5muDoNRvoeLCF307oYeXt0vYsEuEbXVKRW7fzJlKCI9ZhKt xnwnCMP7ZYKatEqwpMHuRV/w+akZcO41cs0WGkQRUn6Mbt23U1a+QbxK9/tmjiES O4DO5rejzt3kHg7FTFEW7r7gUJ7UuMdqvzAHsi3fYQQaOPjP95Qbha/HeB4wS/K3 yBTOYUUUMqJ/bf66DQK0VKkUmNJXMpVM8qk1n0shcA+Apf7h4i6MISnnGC1eiCbb 0207RX4mlJV+6U1FS8FWtLiEeAWUu8QwqVEvWwwUqpXimIS4Dh1CLAZJJkaFSZHY V5zyjy77XEuaHtjfPZa0edvIm6CMdFvyDF8eud43ah1nZMPVwZxKMR3WyzH7THq1 ywNd/O+ZpsByZBzpnpBsshPcqt3m6jJHe6WOwjLLx0QwVBYZLVNEdjP+SkQGMzDv K8rtDEz8jd0PjEbu1BRp1TBKm1nZJcA9+Ax8R93MKY/iigrMeFKv0EejZcJgBKdo p7QBOjc4z0nVti12E0nkRYIAQIplwGrGkk87IW9VdgVmOs9fud3YcnMY7ysPUdit xXRPqK0CBnoxvuU4k/iGcdv1/iE8XbN39+995CHf9c85s3WYc3+iJGjdmGqwIuHe DfVVQaXclzshNqeLO62UjhsUUchU2c03R1ggB8sIyKpPwMMaMD4= =QpzG -----END PGP SIGNATURE-----