[SECURITY] [DLA 2273-1] shiro security update



Package        : shiro
Version        : 1.3.2-1+deb9u1
CVE IDs        : CVE-2020-1957 CVE-2020-11989
Debian Bug     : #955018

It was discovered that there were two issues in shiro, a security
framework for Java applications:

  * CVE-2020-1957: Fix a path-traversal issue where a
    specially-crafted request could cause an authentication bypass.

  * CVE-2020-11989: Fix an encoding issue introduced in the handling
    of the previous CVE-2020-1957 path-traversal issue which itself
    could have also caused an authentication bypass.

For Debian 9 "Stretch", these issues have been fixed in shiro version
1.3.2-1+deb9u1.

We recommend that you upgrade your shiro packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
