Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 14 Dec 2013 22:07:54 +0000 Source: lucene-solr Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc libsolr-java solr-common solr-tomcat solr-jetty Architecture: source all Version: 3.6.2+dfsg-2 Distribution: unstable Urgency: low Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: James Page <james.p...@ubuntu.com> Description: liblucene3-contrib-java - Full-text search engine library for Java - additional libraries liblucene3-java - Full-text search engine library for Java - core library liblucene3-java-doc - Documentation for Lucene libsolr-java - Enterprise search server based on Lucene - Java libraries solr-common - Enterprise search server based on Lucene3 - common files solr-jetty - Enterprise search server based on Lucene3 - Jetty integration solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration Closes: 731113 Changes: lucene-solr (3.6.2+dfsg-2) unstable; urgency=low . * Fixes for new security vulnerabilities (Closes: #731113): - debian/patches/CVE-2013-6397.patch: Fix DocumentAnalysisRequestHandler to correctly use EmptyEntityResolver to prevent loading of external entities like UpdateRequestHandler does. CVE-2013-6397 - debian/patches/CVE-2013-6407_CVE-2013-6408.patch: XML and XSLT UpdateRequestHandler should not try to resolve external entities. This improves speed of loading e.g. XSL-transformed XHTML documents. CVE-2013-6407 Fix XML parsing in XPathEntityProcessor to correctly expand named entities, but ignore external entities. CVE-2013-6408 Checksums-Sha1: 3bb97aa2ab9029ed82caded871708caf966494d4 3136 lucene-solr_3.6.2+dfsg-2.dsc 9af68d38d1da28e47551390e8a2bf0f4d23fb765 53822 lucene-solr_3.6.2+dfsg-2.debian.tar.gz 4de2ca66d7df2dbfaff08f7290332c42540371e8 1502040 liblucene3-java_3.6.2+dfsg-2_all.deb b79d64a050ee003bd02b3964c3e94e788f96f84f 10895818 liblucene3-contrib-java_3.6.2+dfsg-2_all.deb 2c8ae68faa8302b3f61c7b9b5b1ff011af0ea545 4777008 liblucene3-java-doc_3.6.2+dfsg-2_all.deb 384080dbd2370518958e26232dc12519ee4511d5 1964328 libsolr-java_3.6.2+dfsg-2_all.deb 9aec0726d29d8b68af6b8cca2632cc028e7f757f 143552 solr-common_3.6.2+dfsg-2_all.deb b3a7ce1968cbbbc5d240fae497b95bc2de3b4ce1 8090 solr-tomcat_3.6.2+dfsg-2_all.deb d7263beceead47070d6b7c8a4ac62bc03ea49c37 7690 solr-jetty_3.6.2+dfsg-2_all.deb Checksums-Sha256: 993bc404a1670b9785c98456f9fa11067646a9f1b7514c60ad957054884b7d17 3136 lucene-solr_3.6.2+dfsg-2.dsc 18e876daca284a21608bd35cd05de4578459ba6c5da37529ec3e812ad608cc0e 53822 lucene-solr_3.6.2+dfsg-2.debian.tar.gz f17ff81bbed55fbba2ba6bb07c964233528d7c577a5c3a25861526c7023cf7ab 1502040 liblucene3-java_3.6.2+dfsg-2_all.deb cb9562ec8034d1537eac81d8e78db928e73d9e5c2d64f3774bd23b326a5b89e7 10895818 liblucene3-contrib-java_3.6.2+dfsg-2_all.deb 8169fc4b5450963dc84c9bf4264bb38866f4eae0967e757fdc198b1464478fef 4777008 liblucene3-java-doc_3.6.2+dfsg-2_all.deb fc792a1edd451752a4474df48219a46af9305184d394a1f0707614c36d09550a 1964328 libsolr-java_3.6.2+dfsg-2_all.deb efd01741e7c69f2f2db8eed398d3c8729607d66d4b69b977f28b8a0f3d3c4733 143552 solr-common_3.6.2+dfsg-2_all.deb aa52a316ff4089834051d50103d89eec842a4bfc7f2f6aa4358c5cc2c30d8fcf 8090 solr-tomcat_3.6.2+dfsg-2_all.deb 4cdfa3cb4fc333c0dfd7ef494937aec9b73d2af1aaec85a8c13ad771a22036cb 7690 solr-jetty_3.6.2+dfsg-2_all.deb Files: ccd3e0c50405d05d32b6797a2ea0bf2d 3136 java optional lucene-solr_3.6.2+dfsg-2.dsc ede0c32704012aef3a7b5d4867e4589f 53822 java optional lucene-solr_3.6.2+dfsg-2.debian.tar.gz 67f00843d3411ccac75a644a86f56d71 1502040 java optional liblucene3-java_3.6.2+dfsg-2_all.deb 909e980896c1be36dcef01b3da43d29b 10895818 java optional liblucene3-contrib-java_3.6.2+dfsg-2_all.deb 96e73a79c67653e211ad0937b13b4a46 4777008 doc optional liblucene3-java-doc_3.6.2+dfsg-2_all.deb ed03727afb5f451331433f8d7c3ba57f 1964328 java optional libsolr-java_3.6.2+dfsg-2_all.deb 795f96a3b210e8b6aea2a1d870f33122 143552 java optional solr-common_3.6.2+dfsg-2_all.deb 8f278760e615aa55219ace165979142d 8090 java optional solr-tomcat_3.6.2+dfsg-2_all.deb fd8efb225e74ac047e21ee7510cd5327 7690 java optional solr-jetty_3.6.2+dfsg-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCAAGBQJSrW7XAAoJEL/srsug59jD27AP/3fANcRYN6lzQ9lllqIxIoFr tM9UFbqvRmyfWShJn4tLUxFmfHdpY6uFXbKdFLwcBaYCEPp1i6ZDoj95ofpzKfHZ bf5W/oqcwlPdMxK5sXjKp7pZccb5mwbJ6MoeDWzfJ1OoZXYqEqJ+5ixI8kNnELlS 3VPTlZrpWzY//aDuZjNfnKVK+3+PrQRRBWMb4Q5UiNvFYWmdw05NX20wV2Qq+30q UL16BDoX6FYzRdHF3hog28r/c/jenRulqn+tew0KqStPLDhbpzdayN2HCYFH+k+M +gVnP1rst6it8Tg4sPLrIhZPkIEAO/cj0mTGEBeu3lTzHmqdFQLZuINvOOham+rt cbyKUp1OU/phpI/yEuCMqVVVCQM/geAIp28RnJBPBOV+9M40RiacBW19cL+VzWeY cIUSSdpzENsGsAENO7lUnjCTLcJsOLIshCpRcb4kjyCQW8IRrJWawTSsoMGAxDnF hy7bxx8sGEm/8kJvmw8YEzXTvdDYU2IN1vBseVuZK0aH/WCglh7t4L1Uv9txihHD Bf+2MsQFAGOPl5EJB0uc0zoK+l78Z9NK4/UCCzwyWN+5ekQurOrHxkuWY7WEjrC9 iuGYnI/gzojbOrbXSrxVSP2fnArqMAQm4vyK40IHV9ME2nMRwkcxwMCehN56azTt 1ddPAHepGXZBbhojK2LJ =O1WS -----END PGP SIGNATURE----- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.