[ubuntu/plucky-proposed] shiro 1.3.2-5ubuntu1 (Accepted)

Hlib Korzhynskyy hlib.korzhynskyy at canonical.com
Tue Dec 10 14:19:16 UTC 2024 

shiro (1.3.2-5ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: Path traversal through path rewriting and Open Redirect
    with form authentication.
    - debian/patches/CVE-2023-34478.patch: Check for path traversal values in
      .../web/filter/InvalidRequestFilter.java.
    - debian/patches/CVE-2023-467xx.patch: Extend path traversal checking
      values in .../web/filter/InvalidRequestFilter.java.
    - CVE-2023-34478
    - CVE-2023-46749
    - CVE-2023-46750

Date: Mon, 09 Dec 2024 14:36:39 -0330
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/shiro/1.3.2-5ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 09 Dec 2024 14:36:39 -0330
Source: shiro
Built-For-Profiles: noudeb
Architecture: source
Version: 1.3.2-5ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Changes:
 shiro (1.3.2-5ubuntu1) plucky; urgency=medium
 .
   * SECURITY UPDATE: Path traversal through path rewriting and Open Redirect
     with form authentication.
     - debian/patches/CVE-2023-34478.patch: Check for path traversal values in
       .../web/filter/InvalidRequestFilter.java.
     - debian/patches/CVE-2023-467xx.patch: Extend path traversal checking
       values in .../web/filter/InvalidRequestFilter.java.
     - CVE-2023-34478
     - CVE-2023-46749
     - CVE-2023-46750
Checksums-Sha1:
 bfc3a43ab62de3a4e95ff6c8f80e75d07cf14cf0 2379 shiro_1.3.2-5ubuntu1.dsc
 0143e117062bd018cd6dbf43986424c51ccf9eb5 22008 shiro_1.3.2-5ubuntu1.debian.tar.xz
 903b5190201c08c96c8d1616790f285b71abc9c5 16328 shiro_1.3.2-5ubuntu1_source.buildinfo
Checksums-Sha256:
 8600c17b81796b6a22acfaccd426b1ff53a08b83ff35b98797e7f296007657ae 2379 shiro_1.3.2-5ubuntu1.dsc
 5b29cf3939ab5dffaadc7500fcdc67bb4e605df1f74e24d4b0cec64c4e674ddb 22008 shiro_1.3.2-5ubuntu1.debian.tar.xz
 c1bfd41dbc4aca1b05484d95d6be66970f422f905b21445dc58197232814e421 16328 shiro_1.3.2-5ubuntu1_source.buildinfo
Files:
 3244929090cf01db116434d00357c571 2379 java optional shiro_1.3.2-5ubuntu1.dsc
 f7e63d65f7cdddb7cde5e5b4eae59a23 22008 java optional shiro_1.3.2-5ubuntu1.debian.tar.xz
 50bfd5dc7aaa740a66e0b35909646fb2 16328 java optional shiro_1.3.2-5ubuntu1_source.buildinfo
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>

More information about the plucky-changes mailing list