Accepted jackrabbit 2.3.6-1+deb8u2 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 26 Sep 2016 20:05:38 +0200
Source: jackrabbit
Binary: libjackrabbit-java
Architecture: source all
Version: 2.3.6-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libjackrabbit-java - content repository implementation (JCR API)
Changes:
jackrabbit (2.3.6-1+deb8u2) jessie-security; urgency=high
.
* Team upload.
* Fix CVE-2016-6801:
The CSRF content-type check for POST requests did not handle missing
Content-Type header fields, nor variations in field values with respect to
upper/lower case or optional parameters. This could be exploited to create
a resource via CSRF.
Checksums-Sha1:
95b58cbdb45924a39f9da2bb4d2b494af6756de7 2262 jackrabbit_2.3.6-1+deb8u2.dsc
1eee828d7b7dee73d9d7b2c54b7672189c4bfeb2 11092 jackrabbit_2.3.6-1+deb8u2.debian.tar.xz
95b3501306adb84fb78970f36991147b5346f8d1 275980 libjackrabbit-java_2.3.6-1+deb8u2_all.deb
Checksums-Sha256:
4de2ed0ac7cef5e46e37cc60133ae3184387434f210673bb6a80c146f67fd83d 2262 jackrabbit_2.3.6-1+deb8u2.dsc
ca9144ec0b5c68697f13312622a7c365a2f8b49442d455896d28a6b81a1c7448 11092 jackrabbit_2.3.6-1+deb8u2.debian.tar.xz
a13bf155f7fd18fb2f20497556cef6e12c5937bfbd9406b9f8f9c3d85572fb6a 275980 libjackrabbit-java_2.3.6-1+deb8u2_all.deb
Files:
9cbacbf04ad59521863486d38073c895 2262 java optional jackrabbit_2.3.6-1+deb8u2.dsc
843597a3f9bdb1ab07fabb3a2720c6a3 11092 java optional jackrabbit_2.3.6-1+deb8u2.debian.tar.xz
c786ac04b0495d577b618c412fe89046 275980 java optional libjackrabbit-java_2.3.6-1+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQKMBAEBCgB2BQJX6WVLXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0DxxhcG9AZGViaWFuLm9yZwAKCRDZrRS5UTtR5N6ED/98
Enza/8A/Neeuo3xcaQcm4CUJG8x1HqQW4kn59RcMvbWnRukeUISaVpd6nsaLj4Zf
HGOjPX/QwofVSUsJK2/7U0K/SPrbN3mJyfB0my8fJSZMZprDc3XKSuHQ4N9VxKpn
ZRddBJJ+ntlhXoNURV194RQr/HItIBTW76OFyYy0TZxg6bctAe/pit8ongaqhBNS
y/aZ1n3xMr0i/I88KidADW+iWqUzGmeAJGORPsIdO5geqeRx2GgIH763Gt2zFVwR
x0RS3Lplr1Kq6QHEz1qak3XptgQRMN6yzf9KjUFySBAaVpZMLR4GbOUCr9qidcMG
uTxwVN7T6q3YSt5mB8AZBTYSp4zwxPxVfiHTY1YhKFpQUKQSCXUdsXw59J1OO5R6
ie+clbdqfZkH8jpXvEmHJBLYVf2kOyXyeCjwO/Fo2iD5m6kQy9do8MiNX/Kqg2Zl
rFgonbIjlmlgFcbS80ChiZfutgaUEfpvHTTjn64kfLBhrJATk6066lOIFO0MmKtO
dMoMW58ookQUai5MerDRwQSQdvmmpDD3J45b9K7ANVmQk9EQRJSzU6l6DwkjJmyC
fojKBRe5XpAm29M8WZ/Auf4oqTYQifh0L9VuPnwOTIOHQHhZSEE6OqEBnJQxOZo6
wvhB+1AWMhFh6OUnC8ydCrlKKJJqDauhYaHHMsp9xw==
=OR8C
-----END PGP SIGNATURE-----