Mapping stable-security to proposed-updates. Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 03 May 2018 00:38:56 +0200 Source: lucene-solr Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc libsolr-java solr-common solr-tomcat solr-jetty Architecture: source all Version: 3.6.2+dfsg-10+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: liblucene3-contrib-java - Full-text search engine library for Java - additional libraries liblucene3-java - Full-text search engine library for Java - core library liblucene3-java-doc - Documentation for Lucene libsolr-java - Enterprise search server based on Lucene - Java libraries solr-common - Enterprise search server based on Lucene3 - common files solr-jetty - Enterprise search server based on Lucene3 - Jetty integration solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration Closes: 886090 896604 Changes: lucene-solr (3.6.2+dfsg-10+deb9u2) stretch-security; urgency=high . * Team upload. * Fix CVE-2018-1308: XML external entity expansion in Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. (Closes: #896604) * Symlink /etc/solr/solr-jetty.xml into /var/lib/jetty9/webapps/solr.xml to make solr-jetty work out-of-the-box. (Closes: #886090) Thanks to J.P. Larocque for the report. Checksums-Sha1: 0aed0bca1c56d8301f3da9b6a5db96c02db29015 3406 lucene-solr_3.6.2+dfsg-10+deb9u2.dsc 567ba0e9a663c164037afd63f48d074e47475689 52596 lucene-solr_3.6.2+dfsg-10+deb9u2.debian.tar.xz 06f80ebccc014e74fb9d290052cea7332604de12 10973528 liblucene3-contrib-java_3.6.2+dfsg-10+deb9u2_all.deb 5affd0ab4c9e15bdf0e3a36a80bac09fa8c07f8c 4825252 liblucene3-java-doc_3.6.2+dfsg-10+deb9u2_all.deb 6eeed3719dddd4b5a5eb1e7a592695a17f6f05fb 1563862 liblucene3-java_3.6.2+dfsg-10+deb9u2_all.deb 9d733c6527db0179561ada2f38357bcd61d2e28b 2039462 libsolr-java_3.6.2+dfsg-10+deb9u2_all.deb ebdeae7777fa3ac12de2fbd116ba6210f45f050f 14650 lucene-solr_3.6.2+dfsg-10+deb9u2_amd64.buildinfo 793b5edc1a5c9acd4a5a4d018da6d336508a571d 144542 solr-common_3.6.2+dfsg-10+deb9u2_all.deb 7c3ad10de0814e3e9e326f1a30406e6b5365c434 9218 solr-jetty_3.6.2+dfsg-10+deb9u2_all.deb 729b428f5bb27b6ee04ac1c5303e884084256ed4 9478 solr-tomcat_3.6.2+dfsg-10+deb9u2_all.deb Checksums-Sha256: 4fbfe6be7a728ca7bcfc7ab0187fcf051c50a715d88c5a511c95b6c9b4300247 3406 lucene-solr_3.6.2+dfsg-10+deb9u2.dsc 225c1197ef926d6ee1ba4176c39076aeb30faacaa94c4df834bc561bb2a7bc93 52596 lucene-solr_3.6.2+dfsg-10+deb9u2.debian.tar.xz 70661bceff8764b86d50d35d119c5ee40718fe3e6a8cb2fadbc2e6217da186c2 10973528 liblucene3-contrib-java_3.6.2+dfsg-10+deb9u2_all.deb a927555c9c9064c93933c008a99bb0c2dce296613b3234d44324fdfe74e33cea 4825252 liblucene3-java-doc_3.6.2+dfsg-10+deb9u2_all.deb 1fd0d4ab25fad3b01168b3d98cd18a4084fe4d2297fc0dc97999620fc5ec0697 1563862 liblucene3-java_3.6.2+dfsg-10+deb9u2_all.deb 3fb80815debc6e800cc0b236dbb7eda0fad0dbcef7148723c894d0d940b36d6a 2039462 libsolr-java_3.6.2+dfsg-10+deb9u2_all.deb 3392718c8662aacbf755a2569d1a077ff8d67d84713c14f64ded1f7b62793e3a 14650 lucene-solr_3.6.2+dfsg-10+deb9u2_amd64.buildinfo c41dfe3d5ffcfec47d00483d17befe257606db580bcb87129f5ead57939733cb 144542 solr-common_3.6.2+dfsg-10+deb9u2_all.deb f49ab3a10d8144aa0097ccdfc4c8429079ffba85cd28cb106a62b6096aa6612e 9218 solr-jetty_3.6.2+dfsg-10+deb9u2_all.deb d2304e353c8a3ded16daa756442679221de2df1a40d901f9476e0e2aac66b948 9478 solr-tomcat_3.6.2+dfsg-10+deb9u2_all.deb Files: de7805174082d2984fcb8190c74c9ddd 3406 java optional lucene-solr_3.6.2+dfsg-10+deb9u2.dsc 676b37e02a387fe9b257cdf59d7962b7 52596 java optional lucene-solr_3.6.2+dfsg-10+deb9u2.debian.tar.xz 6825a7b3f232adb846d055ce81c43529 10973528 java optional liblucene3-contrib-java_3.6.2+dfsg-10+deb9u2_all.deb 45214b104614c5bb365729a28cac7d57 4825252 doc optional liblucene3-java-doc_3.6.2+dfsg-10+deb9u2_all.deb 424fbcf941a0b6d295aad37ca4ee07f5 1563862 java optional liblucene3-java_3.6.2+dfsg-10+deb9u2_all.deb 9df27fd408d4faa8a61894ec02952908 2039462 java optional libsolr-java_3.6.2+dfsg-10+deb9u2_all.deb 077b616e17ddf081030e99e96c8f0284 14650 java optional lucene-solr_3.6.2+dfsg-10+deb9u2_amd64.buildinfo d29dd03911077793402e5640f30971b8 144542 java optional solr-common_3.6.2+dfsg-10+deb9u2_all.deb 97c4d294eb9354716e67d0f36ffba3dc 9218 java optional solr-jetty_3.6.2+dfsg-10+deb9u2_all.deb 867dbc38df6c07783d0211854f0bcda8 9478 java optional solr-tomcat_3.6.2+dfsg-10+deb9u2_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrrfNtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkbysP/0W+VGvnWJ55KDZzHKtKtkaTzUNUFbtxtGfv CCeh/vzIQknKoR2xpdOapTRhtUiPrYLGejrley//YldGVd/OB0109LY0Taked0bS S3nGquNbhnfqO+jBLeZ5g0zeNyX6+bV8P/ey11ArEvaDzMQtZk/3G9OriVL/1k+q VZtu3yrBnzhRCNDNa5TXq+oNysOxrdBYd8+KwaVdrZzCe947svSetPHU0Cqd1Ix8 jy5UnjY1CEuNpKkHuu+5nbPG8ym/XL1t8EG0c/8rVqyDb+PEHbc68O3ZIQjKIdSB tkqrPDc3jeXJZ78N1bTKcIunPytqK8VVxtkIyY724L8LXtmawI58ONVjtGUmIgg4 gtpg5kMQ76ZjtLwYKNhQ8Nh88eeoDmcAwW9cq6JF6vdxqYST6M8rSzIOukNgkL5Y 5NoyAn/9q0jfuhExUy49zK9qmkLY5Ex3JuohjLuFjDHOcXebpT+VALXgmacG63XB yH64vtBPbqe3ZDgZbpxrPeQ8srhSPCUJs50YIiNGs6QmOh4IxfCxZSfyKlAvgWfh Vz69zeT/7RMEaZei7ZxGOpC0h4S0EzwDmvyK7BoBwWdGc5mvn4xMlRynpdnZkCz4 FOp7XqBZQQeUbp5BRccyf6nkuLCMFugsgEshARdI78F7OL6s9RCZHT8UijsDyfwM yTKN+7H0 =D0bh -----END PGP SIGNATURE----- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.