Copied from
ubuntu trusty in
Private PPA for Ubuntu Security Team
by Emily Ratliff
Changelog
jackrabbit (2.3.6-1+deb8u2build0.14.04.1) trusty-security; urgency=medium
* fake sync from Debian
jackrabbit (2.3.6-1+deb8u2) jessie-security; urgency=high
* Team upload.
* Fix CVE-2016-6801:
The CSRF content-type check for POST requests did not handle missing
Content-Type header fields, nor variations in field values with respect to
upper/lower case or optional parameters. This could be exploited to create
a resource via CSRF.
-- Emily Ratliff <email address hidden> Wed, 05 Oct 2016 11:21:58 -0500