Back to jackrabbit PTS page

Accepted jackrabbit 2.3.6-1+deb7u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted jackrabbit 2.3.6-1+deb7u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
From: Markus Koschany <apo@gambaru.de>
Date: Sun, 05 Jul 2015 18:47:54 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1ZBoxG-00079Q-AX@franck.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 25 Jun 2015 18:52:02 +0200
Source: jackrabbit
Binary: libjackrabbit-java
Architecture: source all
Version: 2.3.6-1+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description: 
 libjackrabbit-java - content repository implementation (JCR API)
Closes: 787316
Changes: 
 jackrabbit (2.3.6-1+deb7u1) wheezy-security; urgency=medium
 .
   * Team upload.
   * Add CVE-2015-1833.patch.
     Fix XXE/XEE vulnerability of the Jackrabbit WebDAV bundle.
     When processing a WebDAV request body containing XML, the XML parser can be
     instructed to read content from network resources accessible to the host,
     identified by URI schemes such as "http(s)" or "file". Depending on the
     WebDAV request, this can not only be used to trigger internal network
     requests, but might also be used to insert said content into the request,
     potentially exposing it to the attacker and others. (Closes: #787316)
Checksums-Sha1: 
 fad6246bd64c030ef5ffc4620acc7ed7591e154d 2118 jackrabbit_2.3.6-1+deb7u1.dsc
 122f3d471b8d92eadb2600e7d982b38b032cbf00 9641 jackrabbit_2.3.6-1+deb7u1.debian.tar.gz
 e1fb78194b4f783525e5a8103a1ad1c58adca17d 279240 libjackrabbit-java_2.3.6-1+deb7u1_all.deb
Checksums-Sha256: 
 ea1949a187a3f635c41af3c29e1a1bf735110e757b198f54dbb1298a931ab94c 2118 jackrabbit_2.3.6-1+deb7u1.dsc
 1579beb4c33d854f195a583b3ae18d142ad40cc35a01d7f4c20626c29c82dcea 9641 jackrabbit_2.3.6-1+deb7u1.debian.tar.gz
 15db483a34e3d4e1c9768875d8ac2656fcbf8f25e835cbaab4301e5dcdc72df7 279240 libjackrabbit-java_2.3.6-1+deb7u1_all.deb
Files: 
 f0d99d2853b7726303974320ca1cbc39 2118 java optional jackrabbit_2.3.6-1+deb7u1.dsc
 5761b3c3d9a0b4795aa91946ee47f75d 9641 java optional jackrabbit_2.3.6-1+deb7u1.debian.tar.gz
 cc028d0c3f3982462756c0ad5803f3bc 279240 java optional libjackrabbit-java_2.3.6-1+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVkIzzAAoJECHSBYmXSz6WD1wP/1tIcC3IhQx1WWto3Sq7Gw4j
k/pNeFwYKX5adQ+ztbidaYDCuepVnANSyJ0r6qqS6Vl+MeCkaLma3GNf6L8XXGKu
jcLwDMp856EPkoZqytZeuOeUST+kbx0Typbja7GJBdPhFyyfm1nsuZcCK24tcj97
zZXDE2jGhiSgex9RPRzCQIc3FxauZHz/ULRHzNM+7wLd20U/xSpNmmftO0vOirMS
4yyLYVYA1dNJOGLbZnBszIk585/iDsXVq0wlZhIJlkYPSi9lVmg4kSWV1JlitjWq
maIM1c3VE1LQlw2Wp37Xob+ZZspLlkQFd4D2H7j51vBxJT7J1yXLi37SqNMqryin
2pmk2REiUx/eqW7NZ0x6iHdmD5iQ/2JgGOS0wGOfLG/wINei1IDeTZqy/yNIZME/
yJa5UtE6vd2Xwxt4lSeaqWKDR0eO1Ds8NsuDOUzkp+IsOxkdGOYa/ZXS5zyRgpD0
C7yDgxPD7oadjVB9etPwqzjLxtIWe5QI1C4vrz1cO3Pq0hHS7CLQU4fBRHjGCJGk
0B+4+8pMljIRrDPLTfpMEOwylsDF8g7U1m7N8Vgq2eeHJm0pW/PWaZ55owFWarPs
nIWMXYpdUkZ/Xtr5CTxvmQRoGVJpHM3SKlT0rWeyRwySB4TzV/5bwylvZrol5E8D
HBeL2QPe0ydGs0bnd0um
=wcW4
-----END PGP SIGNATURE-----