[ubuntu/focal-security] shiro 1.3.2-4ubuntu0.2 (Accepted)
Evan Caville
evan.caville at canonical.com
Thu Sep 7 01:41:26 UTC 2023
shiro (1.3.2-4ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: improper authentication issue when receiving specially
crafted HTTP request
- debian/patches/CVE-2020-13933.patch: new global filter added to block
invalid requests.
- debian/patches/CVE-2020-17510_1_of_2.patch: enable normalization of
backslashes in invalid request filter.
- debian/patches/CVE-2020-17510_2_of_2.patch: disable session ID URL
rewriting by default.
- debian/patches/CVE-2020-1957_11989.patch: patch updated with additional
testing.
- debian/patches/05-guice-improvements.patch: support for Guice 4 added
with patch also acting as an additional commit for the above patches.
- CVE-2020-13933
- CVE-2020-17510
Date: 2023-09-06 01:04:08.215955+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/shiro/1.3.2-4ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list