Package "shiro"
Name: shiro
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- Apache Shiro - Java Security Framework
Latest version: 1.3.2-4ubuntu0.2
Release: focal (20.04)
Level: security
Repository: universe
Changelog
shiro (1.3.2-4ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: improper authentication issue when receiving specially
crafted HTTP request
- debian/patches/CVE-2020-13933.patch: new global filter added to block
invalid requests.
- debian/patches/CVE-2020-17510_1_of_2.patch: enable normalization of
backslashes in invalid request filter.
- debian/patches/CVE-2020-17510_2_of_2.patch: disable session ID URL
rewriting by default.
- debian/patches/CVE-2020-1957_11989.patch: patch updated with additional
testing.
- debian/patches/05-guice-improvements.patch: support for Guice 4 added
with patch also acting as an additional commit for the above patches.
- CVE-2020-13933
- CVE-2020-17510
-- Evan Caville <email address hidden> Tue, 08 Aug 2023 12:30:46 +1000
CVE-2020-13933
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-17510
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-1957
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
shiro (1.3.2-4ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Improper Authentication
- debian/patches/CVE-2020-1957_11989.patch: Fix a path-traversal issue
where a specially-crafted request could cause an authentication bypass.
- CVE-2020-1957
- CVE-2020-11989
-- Paulo Flabiano Smorigo <email address hidden> Thu, 11 Feb 2021 12:53:26 +0000
CVE-2020-1957
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVE-2020-11989
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.