Your message dated Sun, 18 Sep 2016 16:38:22 +0000
with message-id <e1blf6k-0000fc...@franck.debian.org>
and subject line Bug#838204: fixed in jackrabbit 2.12.4-1
has caused the Debian Bug report #838204,
regarding jackrabbit: CVE-2016-6801: CSRF in Jackrabbit-Webdav using empty content-type
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
838204: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838204
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jackrabbit
Version: 2.3.6-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for jackrabbit.

CVE-2016-6801[0]:
CSRF in Jackrabbit-Webdav using empty content-type

For the 2.12.x this has been fixed upstream in 2.12.3, cf. [1], and
there are patches for older branches as well.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6801
[1] https://marc.info/?l=oss-security&m=147386022804406&w=2

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: jackrabbit
Source-Version: 2.12.4-1

We believe that the bug you reported is fixed in the latest version of
jackrabbit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 838...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated jackrabbit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Sep 2016 00:14:03 +0200
Source: jackrabbit
Binary: libjackrabbit-java
Architecture: source
Version: 2.12.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 libjackrabbit-java - content repository implementation (JCR API)
Closes: 838204
Changes:
 jackrabbit (2.12.4-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 2.12.4.
     - Fixes CVE-2016-6801. (Closes: #838204)
   * Use compat level 10.
   * Rebase patches to servlet-api.patch.
   * d/rules: Remove obsolete export for ANT_ARGS.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
