Debian Package Tracker

general

source: shiro (main)
version: 1.3.2-4
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Emmanuel Bourg [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.2.3-1
oldstable: 1.3.2-1
stable: 1.3.2-4
testing: 1.3.2-4
unstable: 1.3.2-4

versioned links

1.2.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libshiro-java

action needed

A new upstream version is available: 1.5.1 high

A new upstream version 1.5.1 is available, you should consider packaging it.

Created: 2017-11-21 Last update: 2020-02-28 05:05

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-12422: Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

Please fix it.

Created: 2019-11-19 Last update: 2020-01-18 00:36

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-12422: Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

Please fix it.

Created: 2019-11-19 Last update: 2020-01-18 00:36

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.4.2-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit eb6d684042c00a1b935bd8157e236427db5f70f4
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:59:21 2019 +0100

    Set distribution to UNRELEASED

commit 7c278ce79b3ce052ec6a018074f900f3cf5d4b7f
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:47:04 2019 +0100

    Add a maven rule for hamcrest

commit fb31d5ec6fb5c717e170d75eec43736920a44b2f
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:28:56 2019 +0100

    Add libhamcrest-java to B-D.

commit 14cb513a8ab48fe71dad632e4b3b8d3b695de33a
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:26:29 2019 +0100

    Ignore org.apache.maven.plugins:maven-failsafe-plugin

commit 9431722e1efb566803c03b0e0b0c6a0244e78f24
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:21:44 2019 +0100

    Ignore some unsupported modules

commit 17291ba36402a64c6763cdf4e42a93c766a4bd53
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:06:31 2019 +0100

    Refresh patches for new release

commit 1d3306c6aa9d63b47add579df9e0d533427001bc
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:03:30 2019 +0100

    Update changelog

commit 41d3d9c459c19180cc9308bcb5ec6ca815d5431d
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:00:52 2019 +0100

    Declare compliance with Debian Policy 4.4.1.

commit 6513830d7dedaccfa5af4d41f54400b9d9065ac8
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:00:32 2019 +0100

    Switch to debhelper-compat = 12.

commit 918b601b534d483196e795901162fe353866f804
Merge: 8cf8783 74e76a3
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:00:17 2019 +0100

    Update upstream source from tag 'upstream/1.4.2'
    
    Update to upstream version '1.4.2'
    with Debian dir 329b1ef1be4dfb295305f4b5421a9f09bc6edfa0

commit 74e76a3a4aabd34d62b6aaff44297c853227b8da
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:00:12 2019 +0100

    New upstream version 1.4.2

Created: 2019-12-30 Last update: 2020-02-21 03:34

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-12422: Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

Please fix it.

Created: 2019-11-19 Last update: 2020-01-18 00:36

3 ignored security issues in jessie low

There are 3 open security issues in jessie.

3 issues skipped by the security teams:

CVE-2016-4437: Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
CVE-2016-6802: Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
CVE-2019-12422: Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

Please fix them.

Created: 2016-06-04 Last update: 2020-01-18 00:36

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2019-12422: Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

Please fix it.

Created: 2019-11-19 Last update: 2020-01-18 00:36

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2020-01-21 05:05

news

[rss feed]

[2019-03-12] shiro 1.3.2-4 MIGRATED to testing (Debian testing watch)
[2019-03-01] Accepted shiro 1.3.2-4 (source) into unstable (Markus Koschany)
[2018-12-05] shiro 1.3.2-3 MIGRATED to testing (Debian testing watch)
[2018-11-29] Accepted shiro 1.3.2-3 (source) into unstable (Emmanuel Bourg)
[2017-08-23] shiro 1.3.2-2 MIGRATED to testing (Debian testing watch)
[2017-08-18] Accepted shiro 1.3.2-2 (source all) into unstable (tony mancill)
[2016-11-22] shiro 1.3.2-1 MIGRATED to testing (Debian testing watch)
[2016-11-16] Accepted shiro 1.3.2-1 (source all) into unstable (Emmanuel Bourg)
[2016-08-25] shiro 1.2.5-2 MIGRATED to testing (Debian testing watch)
[2016-08-19] Accepted shiro 1.2.5-2 (source all) into unstable (Emmanuel Bourg)
[2016-06-15] shiro 1.2.5-1 MIGRATED to testing (Debian testing watch)
[2016-06-12] Accepted shiro 1.2.5-1 (source all) into unstable (tony mancill)
[2015-07-27] shiro 1.2.4-1 MIGRATED to testing (Britney)
[2015-07-21] Accepted shiro 1.2.4-1 (source all) into unstable (Emmanuel Bourg)
[2014-11-04] shiro 1.2.3-1 MIGRATED to testing (Britney)
[2014-10-24] Accepted shiro 1.2.3-1 (source all) into unstable, unstable (Emmanuel Bourg)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.3.2-4