lucene-solr_3.6.2+dfsg-20+deb10u2_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Aug 24 19:02:08 BST 2020
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 16 Aug 2020 15:56:26 +0200
Source: lucene-solr
Architecture: source
Version: 3.6.2+dfsg-20+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Changes:
lucene-solr (3.6.2+dfsg-20+deb10u2) buster; urgency=medium
.
* Team upload.
* Fix CVE-2019-0193:
The DataImportHandler, an optional but popular module to pull in data from
databases and other sources, has a feature in which the whole DIH
configuration can come from a request's "dataConfig" parameter. The debug
mode of the DIH admin screen uses this to allow convenient debugging /
development of a DIH config. Since a DIH config can contain scripts, this
parameter is a security risk. Starting from now on, use of this parameter
requires setting the Java System property "enable.dih.dataConfigParam" to
true. For example this can be achieved with solr-tomcat by adding
-Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9.
Checksums-Sha1:
c037a4457451183b73c904a19f24ec037b6c0f15 3347 lucene-solr_3.6.2+dfsg-20+deb10u2.dsc
ed8e01d2317cafa1700098437e376daadff98e2d 54520 lucene-solr_3.6.2+dfsg-20+deb10u2.debian.tar.xz
08ffeb86f105d213ab7eddb2571f40210e123586 12488 lucene-solr_3.6.2+dfsg-20+deb10u2_amd64.buildinfo
Checksums-Sha256:
a2a0e47f507ec6b0ea4700997fbce916be6269411b109c0396d3243ac2376ab0 3347 lucene-solr_3.6.2+dfsg-20+deb10u2.dsc
9f101c1550c1bc4035adbca49383fd7b37f2e71025f15a35fd6564f8f8cc8f85 54520 lucene-solr_3.6.2+dfsg-20+deb10u2.debian.tar.xz
b69fa82e3e74cf8a026bc5cfbec9bcb3fdea40dcd634b004635e22a74bfc3d26 12488 lucene-solr_3.6.2+dfsg-20+deb10u2_amd64.buildinfo
Files:
8d9675bb3524824dcf171a75f00063f4 3347 java optional lucene-solr_3.6.2+dfsg-20+deb10u2.dsc
b5d5357c50386792de77962d92e66234 54520 java optional lucene-solr_3.6.2+dfsg-20+deb10u2.debian.tar.xz
773d5aba513671c2497db1b236094d31 12488 java optional lucene-solr_3.6.2+dfsg-20+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl85WGRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkCu0P/inRzrj3Wd7LuGF08RDWiQjKYYMN0yU68dcl
iiWtMvPHF0BkJ9U2doyhbXfaSQz+oP6XdMTyxiiqM/L+zVLlHxghhOgscJiAGTix
5GtI7dCZpvCapba0k0WSTUTUzizFWu8+TTzgDgFurhpdh5+wwFNqecnHzaFYizFL
eyuyHEQ89Ni6fv1bYgN6mx2Zp6exXyWOAqbl/Iu8MFTk60oYDx+gl1DFtfwYJPZM
A4kHG27qtxPIukXAI27Urac/nBkZw0UWhzSm7J21vDCS4U/5yQht0XmKTsCt5mdp
2WQPPuYo0EIYpJN4CvWkbQZ9m7pxETKSdYBh67IR5UASH6mdKycNQeq/Fqc+DoP/
PjU470SLZafAyU0bZtkE6foUZ9fNfBFOR4eeulvTEZJzA394877l/BbKX15Z8DpZ
1GegoHTuo0xFYS9uCxU0Qo8DawpeB/PQ316D95odOe6DBb2AJiZeq4tdB28q1FY4
iR1XpTfO/9klTWF8zDZr89ZLcVvwsVVpJSh8XG/PonL4MVqQwgB2Y7xt37oJQb+7
skN3i9wMnBhLU7bNGapnWnI6niqA76T8owmR3Bn+zLFUV4ltlJnzb/7y+Jn2zstU
mtp3YYq+6B0SiIil7T38JHRyleoWmz9yc4uXF8QoFX5ufKMZm8uBUZ/dn0vH8EzJ
4fylrqLY
=+2Uy
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list