[ubuntu/artful-security] lucene-solr 3.6.2+dfsg-10+deb9u2build0.17.10.1 (Accepted)
Seth Arnold
seth.arnold at canonical.com
Fri May 11 02:22:10 UTC 2018
lucene-solr (3.6.2+dfsg-10+deb9u2build0.17.10.1) artful-security; urgency=medium
* fake sync from Debian
lucene-solr (3.6.2+dfsg-10+deb9u2) stretch-security; urgency=high
* Team upload.
* Fix CVE-2018-1308: XML external entity expansion in Solr's
DataImportHandler. It can be used as XXE using file/ftp/http protocols in
order to read arbitrary local files from the Solr server or the internal
network. (Closes: #896604)
* Symlink /etc/solr/solr-jetty.xml into /var/lib/jetty9/webapps/solr.xml
to make solr-jetty work out-of-the-box. (Closes: #886090)
Thanks to J.P. Larocque for the report.
Date: 2018-05-10 00:55:48.992212+00:00
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/+source/lucene-solr/3.6.2+dfsg-10+deb9u2build0.17.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Artful-changes
mailing list