-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 02 May 2018 23:43:25 +0200 Source: lucene-solr Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc libsolr-java solr-common solr-tomcat solr-jetty Architecture: source all Version: 3.6.2+dfsg-5+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: liblucene3-contrib-java - Full-text search engine library for Java - additional libraries liblucene3-java - Full-text search engine library for Java - core library liblucene3-java-doc - Documentation for Lucene libsolr-java - Enterprise search server based on Lucene - Java libraries solr-common - Enterprise search server based on Lucene3 - common files solr-jetty - Enterprise search server based on Lucene3 - Jetty integration solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration Closes: 896604 Changes: lucene-solr (3.6.2+dfsg-5+deb8u2) jessie-security; urgency=high . * Team upload. * Fix CVE-2018-1308: XML external entity expansion in Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. (Closes: #896604) Checksums-Sha1: 3e72326c36659a80a8b347cd6a6df8519c1a880f 3374 lucene-solr_3.6.2+dfsg-5+deb8u2.dsc e32facb17569c7b2f53da837d4a9666aff337a5d 50916 lucene-solr_3.6.2+dfsg-5+deb8u2.debian.tar.xz 2a2a22428cf0809a237a9bc5638785c913366cff 1500622 liblucene3-java_3.6.2+dfsg-5+deb8u2_all.deb cb7196a3a3a1e5f01570bdd68f12d76fa6f6358f 10896058 liblucene3-contrib-java_3.6.2+dfsg-5+deb8u2_all.deb f36e229cbda5c9f667dd8558c2c09190133a7e8a 4836948 liblucene3-java-doc_3.6.2+dfsg-5+deb8u2_all.deb 8f6b26391bfb35aa033d037f36563484a80d2254 1961392 libsolr-java_3.6.2+dfsg-5+deb8u2_all.deb eff4b3045dcab13f46ca0267d7d199e90917db9b 144528 solr-common_3.6.2+dfsg-5+deb8u2_all.deb d080e1d0079704fc01ee81b319961c227104e496 8972 solr-tomcat_3.6.2+dfsg-5+deb8u2_all.deb 39d45e91dc344bc57d9fb7c08af962b3a0a77030 8684 solr-jetty_3.6.2+dfsg-5+deb8u2_all.deb Checksums-Sha256: 614fc97761f450b57b99585f83532d9c62ed2639a5d6e69643a164695758fc1b 3374 lucene-solr_3.6.2+dfsg-5+deb8u2.dsc 0b9ca1b751a02e149d4d4e4cfa3a1e2fca67be961783f3b11cfccfae16aded5e 50916 lucene-solr_3.6.2+dfsg-5+deb8u2.debian.tar.xz 2a393273513065f9dc62455a0b58ba71a4c8db2fc076abf9c086b1a8d0000726 1500622 liblucene3-java_3.6.2+dfsg-5+deb8u2_all.deb b99f5e479ec9a15a9492040f19beb3be255dda328c15a5581703355dd365ebc0 10896058 liblucene3-contrib-java_3.6.2+dfsg-5+deb8u2_all.deb 026b69ad81270250b5f92f010fe5c740d163e1615f39e72992299335403cee69 4836948 liblucene3-java-doc_3.6.2+dfsg-5+deb8u2_all.deb c139d1f0d47d7111ac242888755ee30c853e692fa4904aac4f8c408cbb882556 1961392 libsolr-java_3.6.2+dfsg-5+deb8u2_all.deb c80a6b045ed0bc2e264de8ef2ab02bd91144fa469ebd1ad55d7cd63fd25cbbc6 144528 solr-common_3.6.2+dfsg-5+deb8u2_all.deb 16e42f75599e7a293aa7c7deb49de8df6474a8ac75377dfc24d9746c6cf8a9b0 8972 solr-tomcat_3.6.2+dfsg-5+deb8u2_all.deb 83dd010cf3948a92829adfb40b0fd66c7013304bc7cc9417b9d0326893e242cc 8684 solr-jetty_3.6.2+dfsg-5+deb8u2_all.deb Files: 8a17b4596834420b8e5ca0ae03d30c1c 3374 java optional lucene-solr_3.6.2+dfsg-5+deb8u2.dsc f7307d3b9099f0c6841730fb5aeef4a2 50916 java optional lucene-solr_3.6.2+dfsg-5+deb8u2.debian.tar.xz 515a77f3c8981ca61cff697374305895 1500622 java optional liblucene3-java_3.6.2+dfsg-5+deb8u2_all.deb d659cf591344aa6d5dcb33e64f8fced4 10896058 java optional liblucene3-contrib-java_3.6.2+dfsg-5+deb8u2_all.deb c790784ae75116ccc379f7f32641dded 4836948 doc optional liblucene3-java-doc_3.6.2+dfsg-5+deb8u2_all.deb bd953e062da1f4c94273064fa0d2229e 1961392 java optional libsolr-java_3.6.2+dfsg-5+deb8u2_all.deb 4102600fb402b978d08a561e2da33137 144528 java optional solr-common_3.6.2+dfsg-5+deb8u2_all.deb 599be5d3580e6cbbe82c0dc3bb7d763e 8972 java optional solr-tomcat_3.6.2+dfsg-5+deb8u2_all.deb bb40871761339b329c89a9ce88a80a13 8684 java optional solr-jetty_3.6.2+dfsg-5+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrrfJ5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkzqoQAJSnN2w5VrDvIiSWHHPT4vj3ivz9x3W0Ni/k BxIcjpX388pjg9LD+Rze07ekg0VDFfrlCm94/le0ZVzGDAcpzAc5NHPiLzmLTbo4 0aN1jqFacfgQLmXU87yjXd0tCyLRWuKsR/r59BAva20m5PGijizh87qSP8x/SzMo d7vQH+7ccp+fS5l4S/yzHs2jI0IHW2if2+wBts4/uYJx3f3QMxDWApqDh0BiQOc2 MPiclUP4JCsNR2lxz1OFdK9WuLHasNBG08AsUC+XsE1yfP+aQMOnuytU9Uuc6Uz9 xb+hV1k9JCVjEME9+MqTayKBgGoZarvSQMJ5KKLQluF1uoPNo9ymNaqEDoHw5enF eRphyCXhfXzDCdjSWwDdhxgOJa9Zm4u6eVEUBIPM3jpPp7FiNlBtqtbbPMji8jj8 ++0YDrBkrx5aInjOkQwseSy+dL3kqu/lRCtBKLQCoHLEybFlOyPM1WqCMzefjeOa cZCXysq5o8iLIuzn5yGypKFaPScK/ifInlZt7p58w3RBss5IKCUISJACs4PPlsPJ dehOJIazuhtt/+ap8CDfU0AVDjoBSVxm4dIRlq8iXS3W7H/Weq95RhYZKXXAPIYM C/2rCB8sNLrQChtPwP6GpoGfY9z9mk0nG7Ztp35cbh8Z71rXD+QRiPOnDlKTkg6x oh23CAjZ =gbXf -----END PGP SIGNATURE-----