[Git][security-tracker-team/security-tracker][master] CVE-2019-0193/lucene-solr: reference commit, request dla

Sylvain Beucler beuc at debian.org
Tue Oct 1 17:16:32 BST 2019 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33ed8623 by Sylvain Beucler at 2019-10-01T16:16:09Z
CVE-2019-0193/lucene-solr: reference commit, request dla

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -49080,6 +49080,9 @@ CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2
 CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module  ...)
 	- lucene-solr <unfixed> (low)
 	NOTE: https://issues.apache.org/jira/browse/SOLR-13669
+	NOTE: upstream recommends everybody upgrade or rework their configuration
+	NOTE: consider backporting enable.dih.dataConfigParam instead:
+	NOTE: https://github.com/apache/lucene-solr/commit/325824cd391c8e71f36f17d687f52344e50e9715
 CVE-2019-0192 (In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config  ...)
 	- lucene-solr <not-affected> (vulnerable code is not present)
 	NOTE: https://issues.apache.org/jira/browse/SOLR-13301


=====================================
data/dla-needed.txt
=====================================
@@ -93,6 +93,8 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
+lucene-solr
+--
 milkytracker (Utkarsh Gupta)
   NOTE: 20190830: Several <no-dsa> issues open for jessie.
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/33ed8623ec493ebb3bb329465af4baa265dc1933

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/33ed8623ec493ebb3bb329465af4baa265dc1933
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191001/14f8853d/attachment.html>

More information about the debian-security-tracker-commits mailing list