-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Aug 2021 14:25:38 -0400
Source: shiro
Binary: libshiro-java
Architecture: all
Version: 1.3.2-4+deb10u1
Distribution: buster
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Description:
 libshiro-java - Apache Shiro - Java Security Framework
Closes: 955018 968753
Changes:
 shiro (1.3.2-4+deb10u1) buster; urgency=medium
 .
   * Update patch for Spring Framework 4.3.x build failure.
   * Cherry-pick upstream patch with Guice improvements.
   * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
     could cause an authentication bypass. (Closes: #955018)
   * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
     previous CVE-2020-1957 path-traversal issue which could have also caused an
     authentication bypass.
   * CVE-2020-13933: Fix an authentication bypass resulting from a specially
     crafted HTTP request. (Closes: #968753)
   * CVE-2020-17510: Fix an authentication bypass resulting from a specially
     crafted HTTP request.
Checksums-Sha1:
 1799e6eb46cd4e7658bd737964fb3329cca9e14d 567016 libshiro-java_1.3.2-4+deb10u1_all.deb
 b29381eb256e72fcc45a54df045d662d65c932a3 13317 shiro_1.3.2-4+deb10u1_all-buildd.buildinfo
Checksums-Sha256:
 d625fceffc5cba5332e6756276cb2838f66156dec55973adc68fa590d933df13 567016 libshiro-java_1.3.2-4+deb10u1_all.deb
 019a1c20a8cec468d5df654c0e70036b8664bb1c6ed704c14ebb7e473b9badc7 13317 shiro_1.3.2-4+deb10u1_all-buildd.buildinfo
Files:
 b27238b4ff6f1ce1565a9fea83738627 567016 java optional libshiro-java_1.3.2-4+deb10u1_all.deb
 4c6436468fad4ec98a5eed775f7b51e3 13317 java optional shiro_1.3.2-4+deb10u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEeNXCsz+mBQUIYcOwyd+jzxgwoBwFAmExiycACgkQyd+jzxgw
oBwCsg/+JX8pesosW7gLbDPFtQozDe6/MP+H+il8QgYct1yL53PkuZQaoE0VpAit
xhyUG3TbGOaKVaRP6K2dPFwBtKbGOF3s3t4wCNT6i99UeID30r3Z+Ds7zclkGG0+
CEQI9rNfIX/snUTbdjh6Wafbk4A31B7hDI/gVXncMX2n686ezARiI6pRiFj6tgtg
SS5VHYmlTJqcHDrNG9kC52aM5k0zDF3lcawoyMu/ohjScVjs6MzYyrzUSBBlttUE
ePeR1nUyOaKTzP7Uy/D11NsFDGdI1eYWjJ0NLZ8UoMRueTZfdJ7slkVDluTFUq92
2I5g5CkMEfcJ+IEElw0mj7jP46dt/lyFkXDSju4s6mHmIcPNiMMdLayITztEEEV6
c9ijElIvkbFvHKm4ehC8WGrOKIy5GG/rBLDGZxqaWu7zgAkTLeQEdDXeetrm34my
tFAelwpeDHaoB6LRrbZ8rrWbADg23PmfwPO4R8vb+1YhLf2v5eOpdPQ7tpsGKPE+
dsh/BA/qFZn2OxeO0C4Iab2Ca4BZ6LDOIKGgmxS03AI1ytH6Kcliys/WJZwjEiag
OStK8gHwTgepeN9Ikt4bi8x2zLTEX6tcaleCRSXovs52BCB/fXvngBVzv3ImWK4p
lGl5l/0YA7I+fbM87xTT+wcEmmbuXmI6ylHxR+Io1TBUqVojN9g=
=bQQU
-----END PGP SIGNATURE-----