Your message dated Sun, 14 Jan 2018 15:05:30 +0000
with message-id <e1eajqk-000h88...@fasolo.debian.org>
and subject line Bug#867712: fixed in lucene-solr 3.6.2+dfsg-11
has caused the Debian Bug report #867712,
regarding lucene-solr: CVE-2017-3163
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867712: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: lucene-solr
Version: 3.6.2+dfsg-5
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/SOLR-10031

Hi,

the following vulnerability was published for lucene-solr.

CVE-2017-3163[0]:
No description was found (try on a search engine)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-3163
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
[1] https://issues.apache.org/jira/browse/SOLR-10031

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

p.s.: Out of interest, but I do not know the background, is there a
      reason in Debian lucene-solr never was updated to newer 4.x, 5,x,
      6.x versions?

--- End Message ---
--- Begin Message ---
Source: lucene-solr
Source-Version: 3.6.2+dfsg-11

We believe that the bug you reported is fixed in the latest version of
lucene-solr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated lucene-solr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Jan 2018 14:32:32 +0100
Source: lucene-solr
Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc 
libsolr-java solr-common solr-tomcat solr-jetty
Architecture: source
Version: 3.6.2+dfsg-11
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 liblucene3-contrib-java - Full-text search engine library for Java - 
additional libraries
 liblucene3-java - Full-text search engine library for Java - core library
 liblucene3-java-doc - Documentation for Lucene
 libsolr-java - Enterprise search server based on Lucene - Java libraries
 solr-common - Enterprise search server based on Lucene3 - common files
 solr-jetty - Enterprise search server based on Lucene3 - Jetty integration
 solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration
Closes: 867712
Changes:
 lucene-solr (3.6.2+dfsg-11) unstable; urgency=medium
 .
   * Team upload.
   * Switch to compat level 11.
   * Declare compliance with Debian Policy 4.1.3.
   * Fix CVE-2017-12629: possible remote code execution by exploiting XXE. For
     security reasons the RunExecutableListener class was permanently removed.
   * Fix CVE-2017-3163: path traversal vulnerability. (Closes: #867712)
Checksums-Sha1:
 12dca481fffa95ab04b6f39ee8275e7f8cb281a4 3380 lucene-solr_3.6.2+dfsg-11.dsc
 71eb042fc1c9bb6cd57e91c3834cfceb5399d88d 51624 
lucene-solr_3.6.2+dfsg-11.debian.tar.xz
 2713a150ca8856ee927918ef8c36c2a137a3ebfa 14997 
lucene-solr_3.6.2+dfsg-11_amd64.buildinfo
Checksums-Sha256:
 1633a7b8e969e87984198c9acf3f37c98f6b0935e01ab3fbee56f20c70b44060 3380 
lucene-solr_3.6.2+dfsg-11.dsc
 0191cc435265bbc1da522f5e273367e7992ed838338f7fa6722f5e211be40022 51624 
lucene-solr_3.6.2+dfsg-11.debian.tar.xz
 cfe96258c20c7e1b5f174cf836a3c1a0071d68139a545670529e062d4dd9604b 14997 
lucene-solr_3.6.2+dfsg-11_amd64.buildinfo
Files:
 a4e40a8c102363aebf7043ba7d84fe2e 3380 java optional 
lucene-solr_3.6.2+dfsg-11.dsc
 2539bbb9c0c790b07436ad1180c41ea9 51624 java optional 
lucene-solr_3.6.2+dfsg-11.debian.tar.xz
 19a1337d202c37a907aecb5d4a4c2e85 14997 java optional 
lucene-solr_3.6.2+dfsg-11_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlpbaOxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkIVIP/A2PoeymkiYXBRLvwWI+CJr/rLDankrCGMLs
n8yDBvOeXjLgY4Hm0EUp/xlHaCBDy+/L+ZUaO1MrCm+hsSZgxwIQ9DSMiCQpNgx4
jwuSCpEy4D6rnrdl5enTQiUqZnWwn+tepobAtdmvAslph84yXIWGGpPRr4xR2oKw
Sw+DEFeY6UKFrW1R1WjMEczqKYOrnm/gRoHjW+qIjz9000T5BBLrWHNgwergnYzM
BapTTOMkAXbNidEmDsqRSU5F6nWPqJcJsZBUByv/mx/AyvrUu5md8qEma1SbTq90
ldFV9it400ghXt+y0nGbYD9qlirpqUzlSNJuOkQGTWx0V/VA0wp0q1U2ADgK0KUU
VHXiDuBRgtNlX4nm0r5Pe2PvD7r5R+Wfnpo0ePAxZ9qu0tuP/rCbOIGILXRUnm6O
sewebDyZACSxZFUG3Jp2cP6L1uxfyPq3v+Y1j5UGG+v07t1G0NUSWtzJKb+NcYiB
Js/FY6odCsvtvo1oncfLAXK5cZxJ5phWnN3D0sR2IhOgyCkf4v7dtT4rhqSSsSIu
MWn0litvBHSoHaXO/F3vFI+IoFnG0930xIntPpgH45dpgz8FxpJBiJkvdZUDRi4P
UmZlOImyAub9VTt9qqRwuqO86+s7IFzJbSr4Iv7SCbVTENqc1vL2ZoNG4Rv3/V0o
rfWanFJJ
=AfrP
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to