[ubuntu/artful-security] lucene-solr 3.6.2+dfsg-10+deb9u2build0.17.10.1 (Accepted)

Seth Arnold seth.arnold at canonical.com
Fri May 11 02:22:10 UTC 2018

lucene-solr (3.6.2+dfsg-10+deb9u2build0.17.10.1) artful-security; urgency=medium

  * fake sync from Debian

lucene-solr (3.6.2+dfsg-10+deb9u2) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2018-1308: XML external entity expansion in Solr's
    DataImportHandler. It can be used as XXE using file/ftp/http protocols in
    order to read arbitrary local files from the Solr server or the internal
    network. (Closes: #896604)
  * Symlink /etc/solr/solr-jetty.xml into /var/lib/jetty9/webapps/solr.xml
    to make solr-jetty work out-of-the-box. (Closes: #886090)
    Thanks to J.P. Larocque for the report.

Date: 2018-05-10 00:55:48.992212+00:00
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Artful-changes mailing list