[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2181-1] shiro security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : shiro
Version        : 1.2.3-1+deb8u1
CVE ID         : CVE-2020-1957
Debian Bug     : #955018

It was discovered that there was a path-traversal issue in Apache
Shiro, a security framework for the Java programming language. A
specially-crafted request could cause an authentication bypass.

For Debian 8 "Jessie", this issue has been fixed in shiro version
1.2.3-1+deb8u1.

We recommend that you upgrade your shiro packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl6cGnIACgkQHpU+J9Qx
HlhZeBAAsML9mnKxDWCtER2aZJvU9bQkZ+m9AV/yDYfa2f6hWPffWXIVOaKarD8f
SIpALxsWhzHMWYzQtfMWCJc47r/oItd+kWz2FkoI8ZcM0MM3IO2lNYbIT2xuk5uU
vRP2Fzbe2WbRj0skaGMTMm50cNxYeI5/Vaool/r5FeckiSBcekGU7m8ZokEQrvlZ
o3JTaB/ANJRexUPSOc0h4zdtRf2Ws1d0mcAs82mcfmH3f2i17SH+J65O2WfmOmRm
nhgLFXOygpKQ6cgejYVizl8o0Mr4tC57jb6zUNUgSnvTQN5/JHAyuubMWstD1k+O
Joc5rFrDSwVMGwslCeezRLrsE2uWbI6DdUG2eMSVU7S3mdf6vcIhpS2frOqDXvdh
NO1+ctBeFebgMHtyk9nzCEX8F0ZbMhtDw0ieikawE3i9+Lpcdr0pTp+jh+Vx27QJ
HRTRQccX4/J9CICL7fiLWwQp0q8laps5HVeQ7lyMEAb2srlyC6w7qsoKTFattkWA
9UzJQCa10IMM7wI+ac/IQq6I3ESxIP5k7AnQIW0oC2Ye9IxTe958w+6WzEt2VmlX
A1rdSbHrKZu8ZDiEz99FligOO+mM1z2wBjUxRxnzUzvlYaJVu5ZLFZoifFA9tAk0
Bbbc2tBoa/MUr27BBYU+qEqrfszj3e3Ef9KTBbVdcfOoi1RWqCI=
=TIcr
-----END PGP SIGNATURE-----


Reply to: