-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 10 Oct 2019 17:39:16 +0200
Source: lucene-solr
Architecture: source
Version: 3.6.2+dfsg-22
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
lucene-solr (3.6.2+dfsg-22) unstable; urgency=medium
.
* Add myself to Uploaders and remove Jakub Adam, James Page and Mat Scales
because they are not active anymore.
* Declare compliance with Debian Policy 4.4.1.
* Fix CVE-2019-0193:
The DataImportHandler, an optional but popular module to pull in data from
databases and other sources, has a feature in which the whole DIH
configuration can come from a request's "dataConfig" parameter. The debug
mode of the DIH admin screen uses this to allow convenient debugging /
development of a DIH config. Since a DIH config can contain scripts, this
parameter is a security risk. Starting from now on, use of this parameter
requires setting the Java System property "enable.dih.dataConfigParam" to
true. For example this can be achieved with solr-tomcat by adding
-Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9.
Checksums-Sha1:
b83b067ecffd2b539798071d47de0e3a131f5ea9 3252 lucene-solr_3.6.2+dfsg-22.dsc
da8b922f0bca72f40619973c3651b645242882b1 54340 lucene-solr_3.6.2+dfsg-22.debian.tar.xz
46f36b7e276adc61a735df64aea4fd04d9833872 12261 lucene-solr_3.6.2+dfsg-22_amd64.buildinfo
Checksums-Sha256:
0ca1f1667763426be9fff5483dd7dbcf0f4bca3ae337a395f852190fc6fbb61e 3252 lucene-solr_3.6.2+dfsg-22.dsc
a06692a199ab758e7a896f01061af2934cd200bfa94e532db1bb68bb964038d3 54340 lucene-solr_3.6.2+dfsg-22.debian.tar.xz
5159ed1ec2a09d806effff10de29b40e31fd1cfacd4a59b488666e8c74b77bfc 12261 lucene-solr_3.6.2+dfsg-22_amd64.buildinfo
Files:
afbc65c320531546326ba11a02e6f95b 3252 java optional lucene-solr_3.6.2+dfsg-22.dsc
dd7d073370dca5ecea6569d735667317 54340 java optional lucene-solr_3.6.2+dfsg-22.debian.tar.xz
6f88fa2b41513bdf7a747bb30db9764a 12261 java optional lucene-solr_3.6.2+dfsg-22_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2fUnlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk44kP/RNYr9CZkOt/ALYTWMV/h4Tech5tjOaP7PY4
WEx9XwafyIZvnS7apVu98TcruNFGlhk1EKOoSDZzy1V5yPfBT48jyJKQn9aJ5rDt
0cou0D3vDDrJ1fwV/axg7oPEpP+c6YLUQWmDZbvDJzadgJ/FqhogdpS1ttk0J5Mj
Dd91q+fXTQRRNJXZHMkuYw5jeTbT3kxF4SRf6wtrEhaJENWUl9b+E9qPpeMsq8V7
OVeWhjmVHpmblf9nFa4TObwot94qcgilMyNUL6puSsS3zabjjv8zCzEFyHnST+OM
c1LGzcLKf5bWBItT9hTBcQN7Cv0ppiFrKj/aM5SOwmgYnAd33LgvwO9qnEmFpti9
J4oTIJ81ugsvFvYHi3rHIvE6/sIsSMKTQC6cVM9PQ0eQuTOpnuBs1OlJMObwyqTy
wF0H9tS5vkWMDlg8Hig3VQOwB0+BOP+HYiDsJY/XDle8D9HswnKS4A5AMOdn8pz7
Xth/KI5rC7dTeaG+/k7b302CPiBzVDsvrgcDnb0MGKFei/1FwzgvDZd7VXXcR41Y
muq3jx7l33tFIeq6otWSqOvcJK3uE1Epl6RD/eK250udfERlIp/F1Ke3SBp3C4Xs
I2qZddjQANf9DdycADHa0NqQt0QUXy7SvAopbGAVMKhQLrUk36FDHzg1/nwTyehN
kJoerBxm
=ou2z
-----END PGP SIGNATURE-----
