Mapping buster to oldstable. Mapping oldstable to oldstable-proposed-updates.
Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 06 Aug 2021 14:25:38 -0400 Source: shiro Architecture: source Version: 1.3.2-4+deb10u1 Distribution: buster Urgency: medium Maintainer: Debian Java Maintainers <[email protected]> Changed-By: Roberto C. Sánchez <[email protected]> Closes: 955018 968753 Changes: shiro (1.3.2-4+deb10u1) buster; urgency=medium . * Non-maintainer upload by the Security Team. * Update patch for Spring Framework 4.3.x build failure. * Cherry-pick upstream patch with Guice improvements. * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an authentication bypass. (Closes: #955018) * CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous CVE-2020-1957 path-traversal issue which could have also caused an authentication bypass. * CVE-2020-13933: Fix an authentication bypass resulting from a specially crafted HTTP request. (Closes: #968753) * CVE-2020-17510: Fix an authentication bypass resulting from a specially crafted HTTP request. Checksums-Sha1: aea576219d745e70fe83c3eea21f1dedee1698bf 2304 shiro_1.3.2-4+deb10u1.dsc 16e6971d0a4e49be931ef1be48cb23ed155ccc7e 478884 shiro_1.3.2.orig.tar.xz 50bacdf2fb50436b95ad322cd9da0bf110e580ae 20680 shiro_1.3.2-4+deb10u1.debian.tar.xz b348700ae362290e263b79b7588029bfc64a6a49 13532 shiro_1.3.2-4+deb10u1_amd64.buildinfo Checksums-Sha256: ff5700a8d7a8237cd9705c68b339029b4edc4a4907c73d0ed400089a37c4ed92 2304 shiro_1.3.2-4+deb10u1.dsc ae9a3f73a64c05148de9a6c3c09852d3909add94776d47032ec8ff8befed8c5e 478884 shiro_1.3.2.orig.tar.xz 3c14726dbeecab004f5d3308b02844642b5908a445f237e2416d97bc36ca7ecc 20680 shiro_1.3.2-4+deb10u1.debian.tar.xz 3503a81b0e9b5406cf5223f57c95b0e509cefcdce6a844bbb9e66ed7af5875cd 13532 shiro_1.3.2-4+deb10u1_amd64.buildinfo Files: 74d5b1ccc71ad1c679a74aefb75cff3e 2304 java optional shiro_1.3.2-4+deb10u1.dsc 030b2d8ebce394a581ce1a5248a21e0e 478884 java optional shiro_1.3.2.orig.tar.xz 89cb9f83982a74ef9bc9b88b2e459ce8 20680 java optional shiro_1.3.2-4+deb10u1.debian.tar.xz 71129cbb116c53ffd11c26b858235b01 13532 java optional shiro_1.3.2-4+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAmEpHfYACgkQLNd4Xt2n sg+mMQ/+K0ooMRzDngCSmKbc/G2F8Amlkrl1BJMUUR+EiDSB27D5KkYUruXPBKVt rB9nHec+EmAzAGNtCnzB6tmLqVJtAmPR+hRU6KZhopd/Jx5LPSKhujiivmBupLnK T/H5gdLM7OUS+f+Tv4VoQ5qiCMJqOFKXIqNEEwSKrdYQzD6U+YST20pwvGIX7zqp xdLeV1P83jVJp8rIUV5Wvn54hSXUkjZNjDfCqMeKzcn1W/e/aXJOrfXub2YE/qc+ Gj/5I+Z+43aWRf9ipr1GuRgI7AnbWI62xes8jJeswVX2Ex7z3CI1cCS2L1seP6bF YAYXdoDl5ppEcWov78tjfdinOPgPfibT6RR5V8zAAS3GVca6ILVf5jjfl3CNPp87 Ln9dz0D46Ym4GqXRwOd4RPWJrZ6wqBEK6tsEjCu39XN5oeAUGG5eymdO1xj4Kgfq dY82VRDmr+aPjQMhF1iTyoMUXp/evE8elnCbigcMO8ORSvDpNgMXDARXfDQclIws yjxc8gm/Ypolfz1ZKWSnYDj4FV/CCZi3aPCYqbENSWWiWD7MbrUAqy7PrJcamq4f LifA7bwkAJqXL2PqkXDx5RThr2F9Rr/lYnkMmE5qVhJncCriXII4tMGK5906/yoc N+K2IDPxhexDA7Bx0WQCNT1cKJZjFrAWZ6dKhb5W48qdiYa3ffI= =T03U -----END PGP SIGNATURE----- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
