[ubuntu/plucky-proposed] shiro 1.3.2-6ubuntu1 (Accepted)

Simon Quigley tsimonq2 at ubuntu.com
Thu Feb 20 03:07:16 UTC 2025 

shiro (1.3.2-6ubuntu1) plucky; urgency=medium

  * Merge from Debian Unstable. Remaining changes:
    - SECURITY UPDATE: Path traversal through path rewriting and Open Redirect
      with form authentication.
      + debian/patches/CVE-2023-34478.patch: Check for path traversal values in
        .../web/filter/InvalidRequestFilter.java.
      + debian/patches/CVE-2023-467xx.patch: Extend path traversal checking
        values in .../web/filter/InvalidRequestFilter.java.
      + CVE-2023-34478
      + CVE-2023-46749
      + CVE-2023-46750

shiro (1.3.2-6) unstable; urgency=medium

  * Depend on libservlet-api-java instead of libservlet3.1-java
  * Ignore the deprecated guice-multibindings dependency
  * Standards-Version updated to 4.7.0
  * Switch to debhelper level 13

Date: Wed, 19 Feb 2025 21:06:18 -0600
Changed-By: Simon Quigley <tsimonq2 at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/shiro/1.3.2-6ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 19 Feb 2025 21:06:18 -0600
Source: shiro
Built-For-Profiles: noudeb
Architecture: source
Version: 1.3.2-6ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Simon Quigley <tsimonq2 at ubuntu.com>
Changes:
 shiro (1.3.2-6ubuntu1) plucky; urgency=medium
 .
   * Merge from Debian Unstable. Remaining changes:
     - SECURITY UPDATE: Path traversal through path rewriting and Open Redirect
       with form authentication.
       + debian/patches/CVE-2023-34478.patch: Check for path traversal values in
         .../web/filter/InvalidRequestFilter.java.
       + debian/patches/CVE-2023-467xx.patch: Extend path traversal checking
         values in .../web/filter/InvalidRequestFilter.java.
       + CVE-2023-34478
       + CVE-2023-46749
       + CVE-2023-46750
 .
 shiro (1.3.2-6) unstable; urgency=medium
 .
   * Depend on libservlet-api-java instead of libservlet3.1-java
   * Ignore the deprecated guice-multibindings dependency
   * Standards-Version updated to 4.7.0
   * Switch to debhelper level 13
Checksums-Sha1:
 649189de10e1a1225d8928d0fab676b7a6e243a5 2400 shiro_1.3.2-6ubuntu1.dsc
 67bf59b4f2c8df007a7be90f174380476086184e 22164 shiro_1.3.2-6ubuntu1.debian.tar.xz
 fc58581106c49760dd2e24fcfb532cc4711b289d 13113 shiro_1.3.2-6ubuntu1_source.buildinfo
Checksums-Sha256:
 b23ce60551399ebee0c7e564dcdb4cdb5573d80317840613b855a3decb68f15e 2400 shiro_1.3.2-6ubuntu1.dsc
 3d9de9a465dcefc1bf457c8265dbc1ba405af4b9301fc190dd76a46c377119cb 22164 shiro_1.3.2-6ubuntu1.debian.tar.xz
 fa2c4b9d56ece5016debc9d4abcb9ba9497c7e0a6cf7217fbb72976c5fede032 13113 shiro_1.3.2-6ubuntu1_source.buildinfo
Files:
 664117267f9dc9c9d3461f900236c100 2400 java optional shiro_1.3.2-6ubuntu1.dsc
 d1d7988036d3536259178bee6c01adcd 22164 java optional shiro_1.3.2-6ubuntu1.debian.tar.xz
 9cdb68cdb50fafd1c995638046e2a376 13113 java optional shiro_1.3.2-6ubuntu1_source.buildinfo
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>

More information about the plucky-changes mailing list