[Git][security-tracker-team/security-tracker][master] mark lucene-solr as fixed in sid, it dropped the server bits and now only...

Mon Feb 22 18:01:55 GMT 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1e4f160 by Moritz Muehlenhoff at 2021-02-22T19:01:17+01:00
mark lucene-solr as fixed in sid, it dropped the server bits and now only provides some base classes for reverse deps

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59845,12 +59845,13 @@ CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.
 CVE-2020-13942 (It is possible to inject malicious OGNL or MVEL scripts into the /cont ...)
 	NOT-FOR-US: Apache Unomi
 CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
-	- lucene-solr <unfixed>
+	- lucene-solr 3.6.2+dfsg-23
 	[buster] - lucene-solr <ignored> (Minor issue)
 	[stretch] - lucene-solr <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1
 	NOTE: https://issues.apache.org/jira/browse/SOLR-14561
 	NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
+	NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
 CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2020-13939



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1e4f160840caeb983eb051b84ece98d8da0b2d0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1e4f160840caeb983eb051b84ece98d8da0b2d0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210222/1ac0dfe6/attachment-0001.htm>
