<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<h3>
Markus Koschany pushed to branch master
at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0e367a3d1e318d240b4e758b7d142f91a045b98">f0e367a3</a></strong>
<div>
<span>by Markus Koschany</span>
<i>at 2020-08-31T10:56:03+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2020-13941,lucene-solr: Mark as ignored for Stretch and Buster.

Remove lucene-solr from dla-needed.txt.

CVE-2020-13941 is about adding a new parameter to the CoreAdminAPI that
validates whether a user is allowed to write or read data to or from a different
directory than the default dataDir directory.

In Debian the default dataDir directory is /var/lib/solr/data. This is
specified in /etc/solr/conf/solrconfig.xml. See also set-data-dir.patch and
solr-common.README.Debian. The only way to change that is to edit
/etc/solr/conf/solrconfig.xml. The value in solrconfig.xml overrides any
dataDir value that is passed to the dynamic core admin interface. That means
that only system administrators should be able to change that value. This makes
CVE-2020-13941 a rather minor issue for Debian and backporting the new
configuration option does not seem strictly necessary.
</pre>
</li>
</ul>
<h4>2 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">
data/CVE/list
</a>
</li>
<li class="file-stats">
<a href="#451c03275399f1318aed4e8b2d621183019720c6">
data/dla-needed.txt
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0e367a3d1e318d240b4e758b7d142f91a045b98#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>
<hr>
No preview for this file type
<br>
</li>
<li id="451c03275399f1318aed4e8b2d621183019720c6">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0e367a3d1e318d240b4e758b7d142f91a045b98#451c03275399f1318aed4e8b2d621183019720c6"><strong>data/dla-needed.txt</strong></a>
<hr>
<table class="code white" style="font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">
<tr class="line_holder match" id="" style="line-height: 1.6;">
<td class="diff-line-num unfold js-unfold old_line" data-linenumber="102" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="diff-line-num unfold js-unfold new_line" data-linenumber="102" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="line_content match " style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -102,8 +102,6 @@ linux-4.9 (Ben Hutchings)</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="102" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
102
</td>
<td class="diff-line-num new_line" data-linenumber="102" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
102
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC102" class="line" lang="plaintext">--</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="103" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
103
</td>
<td class="diff-line-num new_line" data-linenumber="103" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
103
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC103" class="line" lang="plaintext">lua5.3</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="104" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
104
</td>
<td class="diff-line-num new_line" data-linenumber="104" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
104
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC104" class="line" lang="plaintext">--</span>
</pre>
</td>
</tr>
<tr class="line_holder old" id="" style="line-height: 1.6;">
<td class="diff-line-num old old_line" data-linenumber="105" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
105
</td>
<td class="diff-line-num new_line old" data-linenumber="105" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">
<pre style="margin: 0;">-<span id="LC105" class="line" lang="plaintext">lucene-solr (Markus Koschany)</span>
</pre>
</td>
</tr>
<tr class="line_holder old" id="" style="line-height: 1.6;">
<td class="diff-line-num old old_line" data-linenumber="106" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
106
</td>
<td class="diff-line-num new_line old" data-linenumber="105" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">
<pre style="margin: 0;">-<span id="LC106" class="line" lang="plaintext">--</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="107" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
107
</td>
<td class="diff-line-num new_line" data-linenumber="105" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
105
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC105" class="line" lang="plaintext">mumble</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="108" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
108
</td>
<td class="diff-line-num new_line" data-linenumber="106" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
106
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC106" class="line" lang="plaintext">  NOTE: 20200325: Regression in last upload, forgot to follow up.</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="diff-line-num old_line" data-linenumber="109" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
109
</td>
<td class="diff-line-num new_line" data-linenumber="107" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
107
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC107" class="line" lang="plaintext">  NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)</span>
</pre>
</td>
</tr>

</table>
<br>
</li>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0e367a3d1e318d240b4e758b7d142f91a045b98">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0e367a3d1e318d240b4e758b7d142f91a045b98"}}</script>


</p>
</div>
</body>
</html>