Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
33ed8623 by Sylvain Beucler at 2019-10-01T16:16:09Z
CVE-2019-0193/lucene-solr: reference commit, request dla
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -49080,6 +49080,9 @@ CVE-2019-0194 (Apache Camel's File is vulnerable to
directory traversal. Camel 2
CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular
module ...)
- lucene-solr <unfixed> (low)
NOTE: https://issues.apache.org/jira/browse/SOLR-13669
+ NOTE: upstream recommends everybody upgrade or rework their
configuration
+ NOTE: consider backporting enable.dih.dataConfigParam instead:
+ NOTE:
https://github.com/apache/lucene-solr/commit/325824cd391c8e71f36f17d687f52344e50e9715
CVE-2019-0192 (In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the
Config ...)
- lucene-solr <not-affected> (vulnerable code is not present)
NOTE: https://issues.apache.org/jira/browse/SOLR-13301
=====================================
data/dla-needed.txt
=====================================
@@ -93,6 +93,8 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
+lucene-solr
+--
milkytracker (Utkarsh Gupta)
NOTE: 20190830: Several <no-dsa> issues open for jessie.
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/33ed8623ec493ebb3bb329465af4baa265dc1933
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/33ed8623ec493ebb3bb329465af4baa265dc1933
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
