Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted lucene-solr 3.6.2+dfsg-5+deb8u3 (source all) into oldoldstable
Date: Thu, 10 Oct 2019 16:40:18 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 09 Oct 2019 17:41:55 +0200
Source: lucene-solr
Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc libsolr-java solr-common solr-tomcat solr-jetty
Architecture: source all
Version: 3.6.2+dfsg-5+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 liblucene3-contrib-java - Full-text search engine library for Java - additional libraries
 liblucene3-java - Full-text search engine library for Java - core library
 liblucene3-java-doc - Documentation for Lucene
 libsolr-java - Enterprise search server based on Lucene - Java libraries
 solr-common - Enterprise search server based on Lucene3 - common files
 solr-jetty - Enterprise search server based on Lucene3 - Jetty integration
 solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration
Changes:
 lucene-solr (3.6.2+dfsg-5+deb8u3) jessie-security; urgency=high
 .
   * Fix CVE-2019-0193:
     The DataImportHandler, an optional but popular module to pull in data from
     databases and other sources, has a feature in which the whole DIH
     configuration can come from a request's "dataConfig" parameter. The debug
     mode of the DIH admin screen uses this to allow convenient debugging /
     development of a DIH config. Since a DIH config can contain scripts, this
     parameter is a security risk. Starting from now on, use of this parameter
     requires setting the Java System property "enable.dih.dataConfigParam" to
     true. For example this can be achieved with solr-tomcat by adding
     -Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat7.
   * Disable the tests because they fail because of network errors.
Checksums-Sha1:
 fd987c87ced3fa3b3a87f15095b91c82503a7403 3374 lucene-solr_3.6.2+dfsg-5+deb8u3.dsc
 11d233a1bd426cafde9ef92f650d3b68bc4772bc 51716 lucene-solr_3.6.2+dfsg-5+deb8u3.debian.tar.xz
 9035e6d2aafe86828f6a0d07dcc6fe87d94ed822 1502544 liblucene3-java_3.6.2+dfsg-5+deb8u3_all.deb
 468c79a9771f7f532e4dc6c703e20e0f0a3abbb2 10893314 liblucene3-contrib-java_3.6.2+dfsg-5+deb8u3_all.deb
 26da0f4e763dea11f409d24216c36ab0c91125b7 4806728 liblucene3-java-doc_3.6.2+dfsg-5+deb8u3_all.deb
 2f12b558e2027bc15cd57fccb264ca4261c53ad9 1962046 libsolr-java_3.6.2+dfsg-5+deb8u3_all.deb
 274b94227a6e0a11ccbd7295c51a4cac43cd73b0 145050 solr-common_3.6.2+dfsg-5+deb8u3_all.deb
 aef4d8697048f1e44f5d787e4b30bf4a22d4672c 9352 solr-tomcat_3.6.2+dfsg-5+deb8u3_all.deb
 36a1ff295fe4a45fff19cc40e829953ecb97ce92 9038 solr-jetty_3.6.2+dfsg-5+deb8u3_all.deb
Checksums-Sha256:
 6a66eded5410ac3efbe2c984a48a985cbdf66cb0936bebc46719656fd1e54fb6 3374 lucene-solr_3.6.2+dfsg-5+deb8u3.dsc
 e46c4fcc5edd66e2b1991e6c3adf60ff32b43c66c96d31765606280be86b8326 51716 lucene-solr_3.6.2+dfsg-5+deb8u3.debian.tar.xz
 b7f039573517477ad3e81079d6224896cae49dde840188aa37874b7588488bfd 1502544 liblucene3-java_3.6.2+dfsg-5+deb8u3_all.deb
 30525365c52ec364daa8ffca1397ad58a1245db4975b060f535e170b35d71c0d 10893314 liblucene3-contrib-java_3.6.2+dfsg-5+deb8u3_all.deb
 5f6bd58868811e7244e504d62dc7a02be3fbbaa6aec7e5a27243542bc73c1712 4806728 liblucene3-java-doc_3.6.2+dfsg-5+deb8u3_all.deb
 a5cad2effb061f3dfb8c41ad9984c466b3319449141df2a7db5d4788deb5a792 1962046 libsolr-java_3.6.2+dfsg-5+deb8u3_all.deb
 636dbcdbdb8b8ab73d3baa7ffa1aeecd891a3a7c73270c237cd9c31a6285d136 145050 solr-common_3.6.2+dfsg-5+deb8u3_all.deb
 887e832fa73e07d885a455464fbea53493a21b1f782a5a2254001ad7a8c6baae 9352 solr-tomcat_3.6.2+dfsg-5+deb8u3_all.deb
 0fb484f1b36bd8199135f8e921cff353f1b48e9056c09134d87a404b344943dd 9038 solr-jetty_3.6.2+dfsg-5+deb8u3_all.deb
Files:
 b2a9a530f14341e554095fad1b6ca6aa 3374 java optional lucene-solr_3.6.2+dfsg-5+deb8u3.dsc
 dcc55cdadb87f1d79e0d34b3247d3dea 51716 java optional lucene-solr_3.6.2+dfsg-5+deb8u3.debian.tar.xz
 1802220e6016f48bc56a849b76b470dc 1502544 java optional liblucene3-java_3.6.2+dfsg-5+deb8u3_all.deb
 8e82552802043cee88bf4a0c3bbb1463 10893314 java optional liblucene3-contrib-java_3.6.2+dfsg-5+deb8u3_all.deb
 7d1088e6c38d01b4c0bdae1cd19d63bc 4806728 doc optional liblucene3-java-doc_3.6.2+dfsg-5+deb8u3_all.deb
 5c4144431a04586b90928f48b3a60c0b 1962046 java optional libsolr-java_3.6.2+dfsg-5+deb8u3_all.deb
 6ebc8515b2abcb5b58a9bbc6df6cc22b 145050 java optional solr-common_3.6.2+dfsg-5+deb8u3_all.deb
 ac8a29380fea8af59f9ec87a7c2c561e 9352 java optional solr-tomcat_3.6.2+dfsg-5+deb8u3_all.deb
 8b94ab4dfd1236c3d62b9efe47157ae5 9038 java optional solr-jetty_3.6.2+dfsg-5+deb8u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2fXEVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkE/gQALC2xmOMgs6vqfHInGOIpnIbOzaJNOdNSUdM
vL1Yf2IVYxMIjb6ksQWmtDrTyGExxpdB35383cEuYI+rvV1cAsZZNsYlDpnJRG3v
M7VfQzHUrfZpLfK+oeTDqzzDhVX2mkF8pmo8kt50H6aUqet1Ji4eaqm1rEF2WP2r
jVk+boUnwE9kB6eIKRJ0UeIZOp27WKCbZZe0PJmyEIvsCJMdMOCIxV4VXNqlOu2I
u5JoEsoAqkQp58sgnMBkBiBBNDUngALLBl+GWqbfQ6p67NQu7d5Ih2YSyI8AqqBM
FQo9jwSfegFcc8OZtTJktS8X8ThAM4Zsy+aL4rEP3gU43VwifCLSGBc6NiPd+XpF
AauknRoYpkPPlxDTOjl9GBvDet3ANr1cMU02m/0G8xlw5I5EHPp7OEOsAT5djozV
vAbh88iqcmfAQkhfFGZY4L0pn3PBx2w0PPAbEXoXxpft8NuFHJFqgI4lAaMf2XL8
N/wDNMyJKqCuCDz7oK/KzNoRWbYYgSNPnhbVdgUbEYcYA6oVkM7BBdoZneriRxcL
zce5q2x1P3lSngIvz5VdX/6WymsJ6+fSPUlu0yxWy8FT15oK54GP9CusomDFJmcC
I6RZe80ESMQvh97SNgyg/6DGgMyg0d01Q/VSXkslr0jBjnpIEaIXqyjPk1aH/2mE
b0zs4uWe
=CGuv
-----END PGP SIGNATURE-----
News for package lucene-solr
