[ubuntu/focal-updates] shiro 1.3.2-4ubuntu0.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Sep 7 02:28:08 UTC 2023
shiro (1.3.2-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: improper authentication issue when receiving specially
    crafted HTTP request
    - debian/patches/CVE-2020-13933.patch: new global filter added to block
      invalid requests.
    - debian/patches/CVE-2020-17510_1_of_2.patch: enable normalization of
      backslashes in invalid request filter.
    - debian/patches/CVE-2020-17510_2_of_2.patch: disable session ID URL
      rewriting by default.
    - debian/patches/CVE-2020-1957_11989.patch: patch updated with additional
      testing.
    - debian/patches/05-guice-improvements.patch: support for Guice 4 added
      with patch also acting as an additional commit for the above patches.
    - CVE-2020-13933
    - CVE-2020-17510

Date: 2023-09-06 01:04:08.215955+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/shiro/1.3.2-4ubuntu0.2