[Git][security-tracker-team/security-tracker][master] Add CVE-2018-8026/lucene-solr
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 4 19:50:43 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ff637030 by Salvatore Bonaccorso at 2018-07-04T20:50:07+02:00
Add CVE-2018-8026/lucene-solr
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -12912,8 +12912,12 @@ CVE-2018-8028
RESERVED
CVE-2018-8027
RESERVED
-CVE-2018-8026
+CVE-2018-8026 [XE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext)]
RESERVED
+ - lucene-solr <not-affected> (Do not allow to upload configsets via the API)
+ NOTE: Versions 5.x and earlier are not affected by the vulnerability, since
+ NOTE: those versions do not allow to upload configsets via the API.
+ NOTE: https://issues.apache.org/jira/browse/SOLR-12450
CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the ...)
NOT-FOR-US: Apache HBase
CVE-2018-8024
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff637030ee98657f1e9ef0e57441b545dbb9c17f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff637030ee98657f1e9ef0e57441b545dbb9c17f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180704/491d4f7e/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list