| Release | Version |
|---|---|
| stretch | 1.3.2-1 |
| stretch (security) | 1.3.2-1+deb9u1 |
| buster | 1.3.2-4 |
| bullseye | 1.3.2-4 |
| sid | 1.3.2-4 |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-1957 | fixed | vulnerable | vulnerable | vulnerable | Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ... |
| CVE-2020-13933 | vulnerable | vulnerable | vulnerable | vulnerable | Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ... |
| CVE-2020-11989 | fixed | vulnerable | vulnerable | vulnerable | Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ... |
| CVE-2019-12422 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Apache Shiro before 1.4.2, when using the default "remember me" config ... |
| Bug | Description |
|---|---|
| CVE-2016-6802 | Apache Shiro before 1.3.2 allows attackers to bypass intended servlet ... |
| CVE-2016-4437 | Apache Shiro before 1.2.5, when a cipher key has not been configured f ... |
| CVE-2014-0074 | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthen ... |
| CVE-2010-3863 | Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ... |
| DSA / DLA | Description |
|---|---|
| DLA-2273-1 | shiro - security update |
| DLA-2181-1 | shiro - security update |