Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted shiro 1.3.2-5 (source) into unstable
Date: Fri, 27 Aug 2021 17:34:54 +0000
Signed by: Roberto C. Sanchez <roberto@familiasanchez.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 27 Aug 2021 13:10:19 -0400
Source: shiro
Architecture: source
Version: 1.3.2-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Closes: 955018 968753
Changes:
 shiro (1.3.2-5) unstable; urgency=medium
 .
   * Team upload.
   * Update patch for Spring Framework 4.3.x build failure.
   * Cherry-pick upstream patch with Guice improvements.
   * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
     could cause an authentication bypass. (Closes: #955018)
   * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
     previous CVE-2020-1957 path-traversal issue which could have also caused an
     authentication bypass.
   * CVE-2020-13933: Fix an authentication bypass resulting from a specially
     crafted HTTP request. (Closes: #968753)
   * CVE-2020-17510: Fix an authentication bypass resulting from a specially
     crafted HTTP request.
Checksums-Sha1:
 480e59dd370ce6d79ea177f51a00f563455962d6 2272 shiro_1.3.2-5.dsc
 fcc8b1b28f0f1fd02f2f27e6dbb0a8b58c0dc3ac 20652 shiro_1.3.2-5.debian.tar.xz
 da681283559c80260cf6853495b0049fd5313dcc 13566 shiro_1.3.2-5_amd64.buildinfo
Checksums-Sha256:
 3dc9863e96e8339b19f286c6f376be0f81d5e7b9a85912ba61f972b468b1169c 2272 shiro_1.3.2-5.dsc
 949fd3320047c46b1aac4a1c39a7c053561738c5b10e4633585c0daa06966730 20652 shiro_1.3.2-5.debian.tar.xz
 d457edfc1dec67963dc2966f5d0b0f44856e084cfa1847f739dfad3d842602e1 13566 shiro_1.3.2-5_amd64.buildinfo
Files:
 61010d12ea9f8ef46464e068d50b4076 2272 java optional shiro_1.3.2-5.dsc
 4d756ea1c2391edaba436e5f8f22b9dd 20652 java optional shiro_1.3.2-5.debian.tar.xz
 c9d2453f90ae8706bbb57f43f2c9075b 13566 java optional shiro_1.3.2-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAmEpHfgACgkQLNd4Xt2n
sg9Z4w//dMz/2YHROdoj53BolUBC3VyEP6tZKFWVUq6LWHaGp4LkkhiLQEskivVV
b5OL4/ztUWVS+jM6HeRUPlsu9ZkqNc5FhysHBZCdNUA9M5alLD6dsVLAIv8o+nmF
oyugyqlSnPFHKu6eojavIFwyp3My+BLHEoyNDwlqtqTv7U2QIiKDdQHTYffXexT9
8zZtgT9TbOefur+xW0peqNfRAi0Fl8mwHVCHDelMp0l9eEdpBqNPTrLZbUsgWPe5
NAKRBdidnk9vrgCoImK5Yvf9e2wox1OU+uyabfGv2tNTomD5Yjvi9okhi12PeUyN
X4xixcu50zK27QC3lbNzxVCpKK4ZLPXooBN9WN7Rz1aXePCdAI0xKnOD/JwSbRMQ
CRS85mkle0NA37zmLJMEKsLM/jKBMMx2575rC/Q6mWdsvhNxV9tL6YOwmu+yfXIq
uUA0TUegH/UGhLXiPcDctSZ7Cbfle5DzKZewjya6yuSxHDoukFVO+urMbFDewypf
4UgLw+4G3tMz7XwvnvDzLMG4xnp8WciG8d6+TzH5qGGuRK1yh545YezE+L4qtVAh
/wAUuubQiVmhX28CPSXPZLqsUjyZeLSl7KNyiqCBeru59O7pCUHGkVtSiOjSL38J
7vAyRwFQM7q0kMwdjxcuPw49/aVd9GEtU7u0F96wR7LSih99RuA=
=c9YY
-----END PGP SIGNATURE-----

News for package shiro