Format: 1.8
Date: Sat, 15 Aug 2020 22:52:11 +0200
Source: lucene-solr
Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc libsolr-java solr-common solr-tomcat solr-jetty
Architecture: source all
Version: 3.6.2+dfsg-10+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 liblucene3-contrib-java - Full-text search engine library for Java - additional libraries
 liblucene3-java - Full-text search engine library for Java - core library
 liblucene3-java-doc - Documentation for Lucene
 libsolr-java - Enterprise search server based on Lucene - Java libraries
 solr-common - Enterprise search server based on Lucene3 - common files
 solr-jetty - Enterprise search server based on Lucene3 - Jetty integration
 solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration
Changes:
 lucene-solr (3.6.2+dfsg-10+deb9u3) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2019-0193:
     The DataImportHandler, an optional but popular module to pull in data from
     databases and other sources, has a feature in which the whole DIH
     configuration can come from a request's "dataConfig" parameter. The debug
     mode of the DIH admin screen uses this to allow convenient debugging /
     development of a DIH config. Since a DIH config can contain scripts, this
     parameter is a security risk. Starting from now on, use of this parameter
     requires setting the Java System property "enable.dih.dataConfigParam" to
     true. For example this can be achieved with solr-tomcat by adding
     -Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat7.
   * Disable the tests because they fail because of network errors.