shiro - Debian Package Tracker

general

source: shiro (main)
version: 1.3.2-4
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Emmanuel Bourg [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.3.2-1
old-sec: 1.3.2-1+deb9u1
stable: 1.3.2-4
testing: 1.3.2-4
unstable: 1.3.2-4

versioned links

1.3.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libshiro-java

action needed

A new upstream version is available: 1.7.1 high

A new upstream version 1.7.1 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2021-06-13 04:04

4 security issues in stretch high

There are 4 open security issues in stretch.

3 important issues:

CVE-2020-13933: Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-17510: Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-17523: Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

1 issue postponed or untriaged:

CVE-2019-12422: (needs triaging) Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

Created: 2021-02-19 Last update: 2021-05-18 22:30

6 security issues in sid high

There are 6 open security issues in sid.

6 important issues:

CVE-2019-12422: Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
CVE-2020-11989: Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVE-2020-13933: Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-17510: Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-17523: Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-1957: Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Created: 2021-02-19 Last update: 2021-05-18 22:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.4.2-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit eb6d684042c00a1b935bd8157e236427db5f70f4
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:59:21 2019 +0100

    Set distribution to UNRELEASED

commit 7c278ce79b3ce052ec6a018074f900f3cf5d4b7f
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:47:04 2019 +0100

    Add a maven rule for hamcrest

commit fb31d5ec6fb5c717e170d75eec43736920a44b2f
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:28:56 2019 +0100

    Add libhamcrest-java to B-D.

commit 14cb513a8ab48fe71dad632e4b3b8d3b695de33a
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:26:29 2019 +0100

    Ignore org.apache.maven.plugins:maven-failsafe-plugin

commit 9431722e1efb566803c03b0e0b0c6a0244e78f24
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:21:44 2019 +0100

    Ignore some unsupported modules

commit 17291ba36402a64c6763cdf4e42a93c766a4bd53
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:06:31 2019 +0100

    Refresh patches for new release

commit 1d3306c6aa9d63b47add579df9e0d533427001bc
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:03:30 2019 +0100

    Update changelog

commit 41d3d9c459c19180cc9308bcb5ec6ca815d5431d
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:00:52 2019 +0100

    Declare compliance with Debian Policy 4.4.1.

commit 6513830d7dedaccfa5af4d41f54400b9d9065ac8
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:00:32 2019 +0100

    Switch to debhelper-compat = 12.

commit 918b601b534d483196e795901162fe353866f804
Merge: 8cf8783 74e76a3
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:00:17 2019 +0100

    Update upstream source from tag 'upstream/1.4.2'
    
    Update to upstream version '1.4.2'
    with Debian dir 329b1ef1be4dfb295305f4b5421a9f09bc6edfa0

commit 74e76a3a4aabd34d62b6aaff44297c853227b8da
Author: Markus Koschany <apo@debian.org>
Date:   Thu Dec 26 20:00:12 2019 +0100

    New upstream version 1.4.2

Created: 2019-12-30 Last update: 2021-06-05 17:10

lintian reports 9 warnings normal

Lintian reports 9 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-04-11 10:19

6 low-priority security issues in buster low

There are 6 open security issues in buster.

6 issues left for the package maintainer to handle:

CVE-2019-12422: (needs triaging) Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
CVE-2020-11989: (needs triaging) Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVE-2020-13933: (needs triaging) Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-17510: (needs triaging) Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-17523: (needs triaging) Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-1957: (needs triaging) Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-05-18 22:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.3.0).

Created: 2019-07-08 Last update: 2020-11-17 05:41

news

[rss feed]

[2020-07-08] Accepted shiro 1.3.2-1+deb9u1 (source all) into oldstable (Chris Lamb)
[2020-04-19] Accepted shiro 1.2.3-1+deb8u1 (source all) into oldoldstable (Chris Lamb)
[2019-03-12] shiro 1.3.2-4 MIGRATED to testing (Debian testing watch)
[2019-03-01] Accepted shiro 1.3.2-4 (source) into unstable (Markus Koschany)
[2018-12-05] shiro 1.3.2-3 MIGRATED to testing (Debian testing watch)
[2018-11-29] Accepted shiro 1.3.2-3 (source) into unstable (Emmanuel Bourg)
[2017-08-23] shiro 1.3.2-2 MIGRATED to testing (Debian testing watch)
[2017-08-18] Accepted shiro 1.3.2-2 (source all) into unstable (tony mancill)
[2016-11-22] shiro 1.3.2-1 MIGRATED to testing (Debian testing watch)
[2016-11-16] Accepted shiro 1.3.2-1 (source all) into unstable (Emmanuel Bourg)
[2016-08-25] shiro 1.2.5-2 MIGRATED to testing (Debian testing watch)
[2016-08-19] Accepted shiro 1.2.5-2 (source all) into unstable (Emmanuel Bourg)
[2016-06-15] shiro 1.2.5-1 MIGRATED to testing (Debian testing watch)
[2016-06-12] Accepted shiro 1.2.5-1 (source all) into unstable (tony mancill)
[2015-07-27] shiro 1.2.4-1 MIGRATED to testing (Britney)
[2015-07-21] Accepted shiro 1.2.4-1 (source all) into unstable (Emmanuel Bourg)
[2014-11-04] shiro 1.2.3-1 MIGRATED to testing (Britney)
[2014-10-24] Accepted shiro 1.2.3-1 (source all) into unstable, unstable (Emmanuel Bourg)

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 9)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.3.2-4