[Git][security-tracker-team/security-tracker][master] Mark solr as n/a in general
Moritz Muehlenhoff
jmm at debian.org
Tue Oct 8 13:12:30 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
296b77e7 by Moritz Muehlenhoff at 2019-10-08T12:12:08Z
Mark solr as n/a in general
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14944,8 +14944,7 @@ CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commo
NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
NOTE: Fixed in upstream commit: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commitdiff;h=4ad5d80a6272e007f64a6ac66829ca189a8093b9;hp=16a0c84e84b93cc8c107b7ff3080bd11317ab581
CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are v ...)
- - lucene-solr <unfixed>
- [jessie] - lucene-solr <not-affected> (system libraries of libwoodstox-java and libstax-api-java are used in Debian)
+ - lucene-solr <not-affected> (system libraries of libwoodstox-java and libstax-api-java are used in Debian)
NOTE: https://issues.apache.org/jira/browse/SOLR-13750
NOTE: https://www.openwall.com/lists/oss-security/2019/09/10/1
NOTE: Upstream's fix (upgrading dependencies) suggests the issue is in libwoodstox-java:
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/296b77e7bb1e121945504ca85aa83a99c4fd5b19
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/296b77e7bb1e121945504ca85aa83a99c4fd5b19
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191008/c92fed4d/attachment.html>
More information about the debian-security-tracker-commits
mailing list