Source: jackrabbit
Version: 2.3.6-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for jackrabbit.

CVE-2016-6801[0]:
CSRF in Jackrabbit-Webdav using empty content-type

For the 2.12.x this has been fixed upstream in 2.12.3, cf. [1], and
there are patches for older branches as well.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6801
[1] https://marc.info/?l=oss-security&m=147386022804406&w=2

Regards,
Salvatore