[jackrabbit] 02/02: Update changelog
Markus Koschany
apo-guest at moszumanska.debian.org
Wed Jun 24 14:07:13 UTC 2015
This is an automated email from the git hooks/post-receive script.
apo-guest pushed a commit to branch jessie
in repository jackrabbit.
commit 8520d03aa2926f2709cfed3c7e28a80359a0f77c
Author: Markus Koschany <apo at gambaru.de>
Date: Wed Jun 24 03:38:49 2015 +0200
Update changelog
---
debian/changelog | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 4d0d701..03c61a4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+jackrabbit (2.3.6-1+deb8u1) jessie; urgency=medium
+
+ * Team upload.
+ * Add CVE-2015-1833.patch.
+ Fix XXE/XEE vulnerability of the Jackrabbit WebDAV bundle.
+ When processing a WebDAV request body containing XML, the XML parser can be
+ instructed to read content from network resources accessible to the host,
+ identified by URI schemes such as "http(s)" or "file". Depending on the
+ WebDAV request, this can not only be used to trigger internal network
+ requests, but might also be used to insert said content into the request,
+ potentially exposing it to the attacker and others. (Closes: #787316)
+
+ -- Markus Koschany <apo at gambaru.de> Wed, 24 Jun 2015 03:38:23 +0200
+
jackrabbit (2.3.6-1) unstable; urgency=low
* Initial release (Closes: #589450).
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jackrabbit.git
More information about the pkg-java-commits
mailing list