Publishing details

Published on 2016-10-05
Copied from ubuntu trusty in Private PPA for Ubuntu Security Team by Emily Ratliff

Changelog

jackrabbit (2.3.6-1+deb8u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

jackrabbit (2.3.6-1+deb8u2) jessie-security; urgency=high

  * Team upload.
  * Fix CVE-2016-6801:
    The CSRF content-type check for POST requests did not handle missing
    Content-Type header fields, nor variations in field values with respect to
    upper/lower case or optional parameters. This could be exploited to create
    a resource via CSRF.

 -- Emily Ratliff <email address hidden>  Wed, 05 Oct 2016 11:21:58 -0500

Available diffs

diff from 2.3.6-1+deb8u1build0.14.04.1 to 2.3.6-1+deb8u2build0.14.04.1 (3.1 KiB)

Builds

i386

Built packages

libjackrabbit-java content repository implementation (JCR API)

Package files

jackrabbit_2.3.6-1+deb8u2build0.14.04.1.debian.tar.gz (12.1 KiB)
jackrabbit_2.3.6-1+deb8u2build0.14.04.1.dsc (2.1 KiB)
jackrabbit_2.3.6.orig.tar.gz (3.8 MiB)
libjackrabbit-java_2.3.6-1+deb8u2build0.14.04.1_all.deb (269.6 KiB)