[Secure-testing-team] Bug#838204: jackrabbit: CVE-2016-6801: CSRF in Jackrabbit-Webdav using empty content-type
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 18 12:43:47 UTC 2016
Source: jackrabbit
Version: 2.3.6-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for jackrabbit.

CVE-2016-6801[0]:
CSRF in Jackrabbit-Webdav using empty content-type

For the 2.12.x this has been fixed upstream in 2.12.3, cf. [1], and
there are patches for older branches as well.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6801
[1] https://marc.info/?l=oss-security&m=147386022804406&w=2

Regards,
Salvatore