[Secure-testing-commits] r56836 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-10-18 20:00:18 +0000 (Wed, 18 Oct 2017)
New Revision: 56836

Modified:
   data/CVE/list
Log:
Add references for CVE-2017-12629

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-18 19:12:04 UTC (rev 56835)
+++ data/CVE/list	2017-10-18 20:00:18 UTC (rev 56836)
@@ -8424,6 +8424,8 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529
 	NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html
 	NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-tt4358355.html
+	NOTE: Patch removing RunExecutableListener: https://github.com/apache/lucene-solr/commit/7b313bb597a6d1f78773dc9c00f484c078a46c25
+	NOTE: Patch disallowing XXE: https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4
 CVE-2017-12628
 	RESERVED
 CVE-2017-12627