[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-0193,lucene-solr: Fixed in unstable

Markus Koschany apo at debian.org
Thu Oct 10 16:44:27 BST 2019 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0527f74 by Markus Koschany at 2019-10-10T15:43:39Z
CVE-2019-0193,lucene-solr: Fixed in unstable

- - - - -
5133f840 by Markus Koschany at 2019-10-10T15:44:14Z
Reserve DLA-1954-1 for lucene-solr

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -50019,7 +50019,7 @@ CVE-2019-0195 (Manipulating classpath asset file URLs, an attacker could guess t
 CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...)
 	NOT-FOR-US: Apache Camel
 CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module  ...)
-	- lucene-solr <unfixed> (low)
+	- lucene-solr 3.6.2+dfsg-22
 	NOTE: https://issues.apache.org/jira/browse/SOLR-13669
 	NOTE: upstream recommends everybody upgrade or rework their configuration
 	NOTE: consider backporting enable.dih.dataConfigParam instead:


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Oct 2019] DLA-1954-1 lucene-solr - security update
+	{CVE-2019-0193}
+	[jessie] - lucene-solr 3.6.2+dfsg-5+deb8u3
 [10 Oct 2019] DLA-1953-1 clamav - security update
 	{CVE-2019-12625 CVE-2019-12900}
 	[jessie] - clamav 0.101.4+dfsg-0+deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -89,8 +89,6 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
-lucene-solr (Markus Koschany)
---
 milkytracker (Utkarsh Gupta)
   NOTE: 20190830: Several <no-dsa> issues open for jessie.
   NOTE: 20191008: Testing the package.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/269f482391ebc791014c63d915f175ca82c70cc6...5133f84046116d811e3e1d243861049bc4956317

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/269f482391ebc791014c63d915f175ca82c70cc6...5133f84046116d811e3e1d243861049bc4956317
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191010/41f0684c/attachment.html>

More information about the debian-security-tracker-commits mailing list