Format: 1.8
Date: Fri, 06 Aug 2021 14:25:38 -0400
Source: shiro
Architecture: source
Version: 1.3.2-4+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Closes: 955018 968753
Changes:
 shiro (1.3.2-4+deb10u1) buster; urgency=medium
 .
   * Update patch for Spring Framework 4.3.x build failure.
   * Cherry-pick upstream patch with Guice improvements.
   * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted
     request could cause an authentication bypass. (Closes: #955018)
   * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
     previous CVE-2020-1957 path-traversal issue which could have also caused
     an authentication bypass.
   * CVE-2020-13933: Fix an authentication bypass resulting from a specially
     crafted HTTP request. (Closes: #968753)
   * CVE-2020-17510: Fix an authentication bypass resulting from a specially
     crafted HTTP request.
Checksums-Sha1:
 aab103fd26c43b0469ee1829794653b50807e30f 2304 shiro_1.3.2-4+deb10u1.dsc
 99b972a2f8f451970ba45f8f5fb6ea5f4688c0b5 20664 shiro_1.3.2-4+deb10u1.debian.tar.xz
 3d05f08f0fa16a773c2bc9a737e58083f3e92d9c 13532 shiro_1.3.2-4+deb10u1_amd64.buildinfo
Checksums-Sha256:
 7646e5c7f259185e8be9b9927d2497817e69016883d82124d7efa487ca83e492 2304 shiro_1.3.2-4+deb10u1.dsc
 b2f260e52a7989904e8fcc9e37f312a5baf70ff9962e8507c9b91c54aa4a87bf 20664 shiro_1.3.2-4+deb10u1.debian.tar.xz
 404a351ad507275fd35a7e511adc813ab7f1514a7e93795b366e72e2f1a9e874 13532 shiro_1.3.2-4+deb10u1_amd64.buildinfo
Files:
 761e50460a9ebc5954f733f487b7c323 2304 java optional shiro_1.3.2-4+deb10u1.dsc
 00c4023645478c30532a3d12fc13a689 20664 java optional shiro_1.3.2-4+deb10u1.debian.tar.xz
 398676b667fbb59c9d8f4bbe3f90a936 13532 java optional shiro_1.3.2-4+deb10u1_amd64.buildinfo