| Release | Version |
|---|---|
| jessie | 1.2.3-1 |
| stretch | 1.3.2-1 |
| buster | 1.3.2-4 |
| bullseye | 1.3.2-4 |
| sid | 1.3.2-4 |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2019-12422 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Apache Shiro before 1.4.2, when using the default "remember me" config ... |
| CVE-2016-6802 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Apache Shiro before 1.3.2 allows attackers to bypass intended servlet ... |
| CVE-2016-4437 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Apache Shiro before 1.2.5, when a cipher key has not been configured f ... |
| Bug | Description |
|---|---|
| CVE-2014-0074 | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthen ... |
| CVE-2010-3863 | Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ... |