[ubuntu/artful-updates] lucene-solr 3.6.2+dfsg-10+deb9u2build0.17.10.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri May 11 03:28:30 UTC 2018
lucene-solr (3.6.2+dfsg-10+deb9u2build0.17.10.1) artful-security; urgency=medium
* fake sync from Debian
lucene-solr (3.6.2+dfsg-10+deb9u2) stretch-security; urgency=high
* Team upload.
* Fix CVE-2018-1308: XML external entity expansion in Solr's
DataImportHandler. It can be used as XXE using file/ftp/http protocols in
order to read arbitrary local files from the Solr server or the internal
network. (Closes: #896604)
* Symlink /etc/solr/solr-jetty.xml into /var/lib/jetty9/webapps/solr.xml
to make solr-jetty work out-of-the-box. (Closes: #886090)
Thanks to J.P. Larocque for the report.
Date: 2018-05-10 00:55:48.992212+00:00
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/lucene-solr/3.6.2+dfsg-10+deb9u2build0.17.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Artful-changes
mailing list