-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Aug 2021 14:25:38 -0400
Source: shiro
Binary: libshiro-java
Architecture: all
Version: 1.3.2-4+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Description:
 libshiro-java - Apache Shiro - Java Security Framework
Closes: 955018 968753
Changes:
 shiro (1.3.2-4+deb11u1) bullseye; urgency=medium
 .
   * Update patch for Spring Framework 4.3.x build failure.
   * Cherry-pick upstream patch with Guice improvements.
   * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
     could cause an authentication bypass. (Closes: #955018)
   * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
     previous CVE-2020-1957 path-traversal issue which could have also caused an
     authentication bypass.
   * CVE-2020-13933: Fix an authentication bypass resulting from a specially
     crafted HTTP request. (Closes: #968753)
   * CVE-2020-17510: Fix an authentication bypass resulting from a specially
     crafted HTTP request.
Checksums-Sha1:
 62710c09691d26f932afa8eb48e006a1800b0b38 566912 libshiro-java_1.3.2-4+deb11u1_all.deb
 07106091eaa986433165919945fba9ee28a425a1 13294 shiro_1.3.2-4+deb11u1_all-buildd.buildinfo
Checksums-Sha256:
 cc0212684df84ba0ca8c04616eece8a8b95f746acd3ad1ef9fda0ca89af1316d 566912 libshiro-java_1.3.2-4+deb11u1_all.deb
 86ddf1cac40b2b14d6a045ad7f711d7804ba4035398af67222e2feb050528353 13294 shiro_1.3.2-4+deb11u1_all-buildd.buildinfo
Files:
 f835719a2527b3d21d9db6c71ffc2daf 566912 java optional libshiro-java_1.3.2-4+deb11u1_all.deb
 7640b28441c066edf9d0cc0fd11da6ac 13294 java optional shiro_1.3.2-4+deb11u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEeNXCsz+mBQUIYcOwyd+jzxgwoBwFAmExjLMACgkQyd+jzxgw
oBxfBhAAwtqUMEx83ZlSs0hbB1ShYzGcmI+CAgDbptgOdYNE7HGoaWvfSyLBnD8j
gkc7XqpgLnTl3OFecbiWypkK9uduV+O8CxqN45IuGGF36BC8P0Be7gt5eHcbsbVG
lKO/FrDNEQeXxSV/42NFfcVs7vUqw8mwx8VfRftOzh7DaXM4qux56URlJ+L4NVwQ
9ev4h93yiY561yDCanW+kzJ4JspZDRIvuftvyH5EQuhdeDk5ckqEi/Y2hbuGxuxJ
cIqSeBF2Y2Kfa/M6JVHLqtJmOUlZu3q20TG27Xn4x3I64k9xo0//flmIqvrbzR3n
BsD+I6wk94vt7yiHjXpAUdE0ZII7fatk17PhIWEdVbWS0Lt4jA4r2Gu9euPRlIkz
fPDFinge0jMqYsSyamKIa/syjtMfrhkZMDC842w3uaw+wzVVHksiuFHDaoDazA2a
07oznZEkp3UtICTpLmBDtAINxWicyU3hWt4YbONW6zuCZvz1PyyW4bXFv0+/n24J
+vg56PyllnEnciuSFBVDkQA1BHwqhx09jQfFYV58n5Ke2OOooJ53UXEURVH6Sau7
IIb+Hlb/4zAkX/ZYxS0tTlsHnp/y1q/cKlp8o0w3/B6eSnU+Bw1AmZ3/M8hihYpx
z/fSsnXofPfyxKV4wlKPi2t+gE8TXrO0NZBI21FFOdOHFE33NGc=
=9LCj
-----END PGP SIGNATURE-----