-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Aug 2021 14:25:38 -0400
Source: shiro
Architecture: source
Version: 1.3.2-4+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Closes: 955018 968753
Changes:
 shiro (1.3.2-4+deb11u1) bullseye; urgency=medium
 .
   * Update patch for Spring Framework 4.3.x build failure.
   * Cherry-pick upstream patch with Guice improvements.
   * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request
     could cause an authentication bypass. (Closes: #955018)
   * CVE-2020-11989: Fix an encoding issue introduced in the handling of the
     previous CVE-2020-1957 path-traversal issue which could have also caused an
     authentication bypass.
   * CVE-2020-13933: Fix an authentication bypass resulting from a specially
     crafted HTTP request. (Closes: #968753)
   * CVE-2020-17510: Fix an authentication bypass resulting from a specially
     crafted HTTP request.
Checksums-Sha1:
 12a8c6935db961590424d2cbba797d1627fecd05 2304 shiro_1.3.2-4+deb11u1.dsc
 c224947cebd4152f83b2cb4112a699ca83de2de4 20668 shiro_1.3.2-4+deb11u1.debian.tar.xz
 7bb268bad4b73734da310963c646a3b179082a87 13569 shiro_1.3.2-4+deb11u1_amd64.buildinfo
Checksums-Sha256:
 78446298a3c953ba23f6a3e8b668bcbff5b79268fb69e6b7a6f4ee97e920eeab 2304 shiro_1.3.2-4+deb11u1.dsc
 cbda01dfd37cec012019bcd121edd8187b7b7bfb22e277906b77c3c60ae896cf 20668 shiro_1.3.2-4+deb11u1.debian.tar.xz
 fafd00896688748b73ff010e903eea5d9ef843c982191a29de967b2975bc462d 13569 shiro_1.3.2-4+deb11u1_amd64.buildinfo
Files:
 70814344313816ef10e3e377cc3ddb76 2304 java optional shiro_1.3.2-4+deb11u1.dsc
 049d4fbfe7cd676581ee6b19306c522e 20668 java optional shiro_1.3.2-4+deb11u1.debian.tar.xz
 8e2299e68d4929fd05b7a4a89aa3f288 13569 java optional shiro_1.3.2-4+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAmEsQIEACgkQLNd4Xt2n
sg/1Gg//VR9tZqWRzjYLLeXI+NA9ud0hyKihFmyjww5uH6SEh9e04fn1Cgg4WEhr
ns/5yKn69/CHyknKLQT6qDbnmoiggzNj/yUss0EvygcYYhGMw5ZL9snNAbc1a8t4
VV+ovJvThC0vmxpXglUlfFElaEbSEQZJOfSv0om6RaTCbLxGsw7g65IltUQTDJDf
LsNbXEM7EUoRwc/Pu/bs6B9EMaOitjpszFSjj0K2IxjMSGDk2p8TNWSxMESoET31
mHhFRqyEHg0CH6lMX5/e2iS3FxcykaHkR9PIRhPEey42HpK4RhP1yy52e/OivBSk
V5fSvbt0V3llDdHI1/t/viqFUxyVhLUXS3v83kegHlvhdAyZQt1D6anGYPoMLzIq
c4jeogb8aESVRgvd4E8aHEu/HXPVKOavE0BGqEZnS4iDnB3qcyGf7QvCtMlG+Hp/
CWYCDPwiog+Fa3dt0GzhVSiqaRWpvmvQZNV0D6C4KFtXNVI1DOxDJD4wu1WaW2H6
6DPZjKiFiZKrryV5lwaj2pNN5a/1qZGsx1g8cXacB41kA6XBx/a7K9BXoOXo5DKw
GOrFxVeWum1p30Ak9i/WQzjmba12YU/0uRuB2f3J4m7x5M9XnDXHvzZcqJcM17uL
BZizOYiU+FWpvkbnCHhenWYA4hJNLc1n9kcPsg4oUyG3mqef9qk=
=00/w
-----END PGP SIGNATURE-----