Back to shiro PTS page

Accepted shiro 1.3.2-1+deb9u1 (source all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted shiro 1.3.2-1+deb9u1 (source all) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 08 Jul 2020 15:00:13 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1jtBYT-0005pn-Qn@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 08 Jul 2020 15:37:03 +0100
Source: shiro
Binary: libshiro-java
Architecture: source all
Version: 1.3.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 libshiro-java - Apache Shiro - Java Security Framework
Closes: 955018
Changes:
 shiro (1.3.2-1+deb9u1) stretch-security; urgency=high
 .
   * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
     could cause an authentication bypass. (Closes: #955018)
   * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
     previous CVE-2020-1957 path-traversal issue which could have also caused an
     authentication bypass.
Checksums-Sha1:
 e5c24f50abefbfdb1dc462b36f47ee090936de84 2305 shiro_1.3.2-1+deb9u1.dsc
 16e6971d0a4e49be931ef1be48cb23ed155ccc7e 478884 shiro_1.3.2.orig.tar.xz
 ef154d836b335656b6630ab917b9bb0d7cc2806b 5560 shiro_1.3.2-1+deb9u1.debian.tar.xz
 d045a686feb3b2e471a494ca0a6e01415880b403 558626 libshiro-java_1.3.2-1+deb9u1_all.deb
 67557b25ff2f2c2c9dbcfef76f88b001f91f9223 15739 shiro_1.3.2-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 83f16fc4c7d7c509b8957e367413c7106c4edc824e7a18704eb02f20fa8a9d9f 2305 shiro_1.3.2-1+deb9u1.dsc
 ae9a3f73a64c05148de9a6c3c09852d3909add94776d47032ec8ff8befed8c5e 478884 shiro_1.3.2.orig.tar.xz
 ed9865c72e9955cb7d7b1f6cad1172c18b8e667e610822f5314973fa80b8217c 5560 shiro_1.3.2-1+deb9u1.debian.tar.xz
 1f79cb9710514b073d2719a5246c01f04efdb9e52445952eb25746282e03b14e 558626 libshiro-java_1.3.2-1+deb9u1_all.deb
 55c7ff4dd8ca7c6665785bb22d83f2fd2056de97888ae43e604e70dd0ab74db0 15739 shiro_1.3.2-1+deb9u1_amd64.buildinfo
Files:
 0bd5d85390a23aff00213ecb35549e51 2305 java optional shiro_1.3.2-1+deb9u1.dsc
 030b2d8ebce394a581ce1a5248a21e0e 478884 java optional shiro_1.3.2.orig.tar.xz
 3664a91ec2e8f0de69274a4002aab843 5560 java optional shiro_1.3.2-1+deb9u1.debian.tar.xz
 6a8a8cfefc4740fca4126116dba50014 558626 java optional libshiro-java_1.3.2-1+deb9u1_all.deb
 845b9cb43bd8094a0c226fc401ca2cc3 15739 java optional shiro_1.3.2-1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl8F3FIACgkQHpU+J9Qx
HlhzWA/+NGbAIA2clIwAhmTwYO5kzqVyMzhU1hm0rIA7aW4FmRO2C9rZFUnHL4ZV
F0UaPkngVTxILOoBbz6/v28mFDfkKvqmCWn4o5zLVCrm0f5Uw4TZ0k4AZeQSpR+Z
YGh4k0EFtoc29cOPWumaMqo3LvYse71q3J+etnUS91N3nViqJCJvZrBBAEGZ5SpF
kMOabVMrStCuB28hotaRQWMjYA/wviVFbwQ/RIMEn24cV67a5VxATMQGb3Qf2G8Y
1TFuB5ZtYnQ57h0N8uIzgJO28xFVENJXouugaf3EdEkXmLk0fT/8syHZ/01S+qWS
n0cdetyZ7Kz4/yvBxZDZtP7dS0A66PZ81uquvGVDH6BT7lXgupT1sgaoV82DF9Hn
8hU7tUeIzP6uUmEtRfdv/4mx2bKE2BoJokq8AGLAmKAVR9clUwbMYYzyuH4qS8oO
mtfXvok8eKfJLrtcpBRLeIHA8Xn/Yc3uBjLFYs7prhaPCd8uaR8K3ushGrbG5CpA
qoLAYxn7D3Oh4NBsfVx/M8K2sURze2832h0Ol/SOXXvNr1KkaS4LtoDpLfLwewAm
R7b3sMAiUCb5bD9B+rASCfwM4qzfQ3XyVFOD1dXe2/0fm/+flCSgJ7EDM0ldgbM8
nBtUgxTIeyxtLEtheYgnQQ3l9lXKmCjdKWXJJNjvPEoal9NQNaI=
=9Mxk
-----END PGP SIGNATURE-----