-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3679-1 security@xxxxxxxxxx https://www.debian.org/security/ Florian Weimer September 27, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jackrabbit CVE ID : CVE-2016-6801 Debian Bug : 838204 Lukas Reschke discovered that Apache Jackrabbit, an implementation of the Content Repository for Java Technology API, did not correctly check the Content-Type header on HTTP POST requests, enabling Cross-Site Request Forgery (CSRF) attacks by malicious web sites. For the stable distribution (jessie), this problem has been fixed in version 2.3.6-1+deb8u2. For the unstable distribution (sid), this problem has been fixed in version 2.12.4-1. We recommend that you upgrade your jackrabbit packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJX6lXSAAoJEL97/wQC1SS+f+oH/j2icJdtA6mPaV8zohFFG00H KiU6pFyh/9bLyFOHhtKmBK4ykFGgd4ViQBqlCxig+o/LuL9z3Pj7uORv/2zLE2gq UFWCIs1Faiy63KpeabeeFDAEvqhLkH6cEGc9QBxbQeaDRr6rJrVlJubnu8nkJLEa bMILBwxIt2kTE0xvZdm0OX7SzLLf8JwJA48RmK5D7rrxV4vJa7MQD1GMJTdYQsx5 TNCwdrajrqi9NF7yrMwGdvhdv7x7yr5fPT+X7YNdkM6AGxsMojjI0iPA+caREUea Imd6Hz3rGIyahqQjhphQBKfZcepX2YrZ8w3kWSD+W9rC9ckyuEE/uRf/udc2IV8= =+KOg -----END PGP SIGNATURE-----
