-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 24 Apr 2018 10:29:21 +0200 Source: lucene-solr Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc libsolr-java solr-common solr-tomcat solr-jetty Architecture: source all Version: 3.6.0+dfsg-1+deb7u4 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: liblucene3-contrib-java - Full-text search engine library for Java(TM) liblucene3-java - Full-text search engine library for Java(TM) liblucene3-java-doc - Documentation for Lucene libsolr-java - Enterprise search server based on Lucene - Java libraries solr-common - Enterprise search server based on Lucene3 - common files solr-jetty - Enterprise search server based on Lucene3 - Jetty integration solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration Closes: 896604 Changes: lucene-solr (3.6.0+dfsg-1+deb7u4) wheezy-security; urgency=high . * CVE-2018-1308: Prevent an issue where an XML external entity expansion (XXE) vulnerability could be used to to read arbitrary local files from the Solr server or the internal network. (Closes: #896604) Checksums-Sha1: 5184317ab45cedba4580d29bc59d034020f8da11 3161 lucene-solr_3.6.0+dfsg-1+deb7u4.dsc 37f3d306638d4934ed059e5a1f2bf7af5196fa70 34894297 lucene-solr_3.6.0+dfsg.orig.tar.gz efeb8d476b1c949235fe666173054dcf362a363a 57243 lucene-solr_3.6.0+dfsg-1+deb7u4.debian.tar.gz 11cd1a4f27dad4e6c7fd638bfb72eff28df4f6d4 1511714 liblucene3-java_3.6.0+dfsg-1+deb7u4_all.deb 272d4fc01772e1c69ab2e72aeca2afdd10852b67 11135194 liblucene3-contrib-java_3.6.0+dfsg-1+deb7u4_all.deb d7be2536647ab0f7e7486ccf9e25ab287fdff0b9 9963366 liblucene3-java-doc_3.6.0+dfsg-1+deb7u4_all.deb 973f8943a4f5e70e44ba348a735f005145ecf711 2027658 libsolr-java_3.6.0+dfsg-1+deb7u4_all.deb 95b0dfc703e4c334ad72a618c7dbaeb86635fbcd 172130 solr-common_3.6.0+dfsg-1+deb7u4_all.deb 845c1b7ab9a0caa8a2ed013fe4f4a792e85a241a 8554 solr-tomcat_3.6.0+dfsg-1+deb7u4_all.deb 506d3d23a984bfea5819e9c1003c7babc82e42b5 8130 solr-jetty_3.6.0+dfsg-1+deb7u4_all.deb Checksums-Sha256: d158ee5706752dfd7ee149e8736806bdfd9a3361b14978e47f602138e0b90a5e 3161 lucene-solr_3.6.0+dfsg-1+deb7u4.dsc 1282cc0a8fb058f4546d46abb3380368165970cd5d9b0c0de6fa8d53f2853edb 34894297 lucene-solr_3.6.0+dfsg.orig.tar.gz 65e544e8541f72b1c3dbdb2c78b402e05027e79b9cc970203992050b58cbb91a 57243 lucene-solr_3.6.0+dfsg-1+deb7u4.debian.tar.gz 8f741559a77047b64a0987d7fc952718ca94ed940e47d1beb9eb3bf007e2c76f 1511714 liblucene3-java_3.6.0+dfsg-1+deb7u4_all.deb 0bc4998ae287ff2df5175645176c692db09f53691a57495dac96fdb89714923f 11135194 liblucene3-contrib-java_3.6.0+dfsg-1+deb7u4_all.deb b951e82bf797136b0f17329210f59ad41b97cc2e14410fdfa40a3d0bdd787794 9963366 liblucene3-java-doc_3.6.0+dfsg-1+deb7u4_all.deb ccf2d54884c8522d84ea7fc15a6b3f06fb2cf017995fc595ab8ba47958e7c907 2027658 libsolr-java_3.6.0+dfsg-1+deb7u4_all.deb af461a8b835b38f657771579f9a947c5d7def65b8e9f73988e985d394f826be4 172130 solr-common_3.6.0+dfsg-1+deb7u4_all.deb d9a8e029a5d39ccc48861e2a7463ca7b428c5b958da84d35e6b09e8d98d34e28 8554 solr-tomcat_3.6.0+dfsg-1+deb7u4_all.deb f02f60da55ef4b3756b06cad7e367e7be0bae23ef26a1af8049dabbffcb2bf70 8130 solr-jetty_3.6.0+dfsg-1+deb7u4_all.deb Files: e1289c4ec808c2b353e8b3bc00ad93d6 3161 java optional lucene-solr_3.6.0+dfsg-1+deb7u4.dsc bf246a75729c931c0b2acaa03ee33642 34894297 java optional lucene-solr_3.6.0+dfsg.orig.tar.gz 21ec324c5dc70ac6ff5d6910fe584c39 57243 java optional lucene-solr_3.6.0+dfsg-1+deb7u4.debian.tar.gz 037cab14711df6528378463aca7efe59 1511714 java optional liblucene3-java_3.6.0+dfsg-1+deb7u4_all.deb 445f8e2182a71c4dff21d47950fa096a 11135194 java optional liblucene3-contrib-java_3.6.0+dfsg-1+deb7u4_all.deb 99e4ba362519415219657d9128571ca1 9963366 doc optional liblucene3-java-doc_3.6.0+dfsg-1+deb7u4_all.deb ea0111faa8c8932b6985b967d1953efe 2027658 java optional libsolr-java_3.6.0+dfsg-1+deb7u4_all.deb 188e4bc45029cdcc7e7bb80bd414dbd8 172130 java optional solr-common_3.6.0+dfsg-1+deb7u4_all.deb da85e06ab5e66719238ba45131b780ca 8554 java optional solr-tomcat_3.6.0+dfsg-1+deb7u4_all.deb dad321f66812af732d79bb28db726dca 8130 java optional solr-jetty_3.6.0+dfsg-1+deb7u4_all.deb
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrfb9sACgkQHpU+J9Qx Hlh1RA/+MpJTEChZ5feprfZKj5FCQ7+oUzDfyM+1IirRBSrj4q4O17MUpGzEgQqU rGRT0ZjXPdB4yA2ovQvJRvCEyslCGZklsUZlcwKhp1mzBc6JnSBArXCsHKMsOBTr JC32oHVcgC5D1Gv0NcPRCiYBlIqyuLxag0QGWPm+SsCtic2E5ZCQTm0bG5MOzroo +8csfrPjwzVgWoBWGiJIApjqSw4UnFy9gYRXrZFIpfO6knxqDz6zsipRM8goAauH qH+vUJ82NYo580XTVEA7nwBEJHG2+qu7TKjvcijL4T4H9O8AyN3q7ekuQPBjNWov Ooy47/4HlOOkeQwvlpz2GL7569V60Dw5i2kbB+vg1Mz4DzrIZsooIDJPl7yTNnqm FB3pO9lUCSedSwNs+1ismU4IC4hMCCRtmrbladVOARLvOnNK8wJFu3VoD5n3Em75 zsbVTQrVJDpj8I2HMWuNFK7198kLe4UeXugk1HFzsYVy4rcEnw2McLr7hPKMSGZv Oi7pc07AUDUfb4MNiRjjsgmsutL21lEgdtoiLst29Mo0/oFtDCERTDzqgVmjgwjg t9X3T+VMDbJdO44kRH2hN+15TACYdwr94EY7NpYHBc0lkX7SeDfR1W8auoJCRcFo M2JAoV0Fivhnng+v+enc3iCM5XKNa77rdVF841bEihd0lYGLk7E= =/vxY -----END PGP SIGNATURE-----