[SECURITY] [DLA 1360-1] lucene-solr security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : lucene-solr
Version : 3.6.0+dfsg-1+deb7u4
CVE ID : CVE-2018-1308
Debian Bug : #896604
It was discovered that there was an XML external entity expansion (XXE)
vulnerability in lucene-solr, a search engine library for Java.
It could be exploited to read arbitrary local files from the Solr server
or the internal network. For Debian 7 "Wheezy", this issue has been fixed
in lucene-solr version 3.6.0+dfsg-1+deb7u4.
We recommend that you upgrade your lucene-solr packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrfb70ACgkQHpU+J9Qx
Hlj1ORAAtdnZ+t6ohgV3aWxH47DxwY/zdnVI/ZdU5QNuEWa1GmFyuwfdACPLnK6O
o8A0Tx4NV+QFgyuxocSWo3mgmMWLHE5KBdl8TG8weuUz2nUqbuQDV6+T30icSwlx
a324h5YlAHsyWi1S5k1/O9zeRwlRxexyCT7NJ2dYazopFhXLTo3GmRQW1Gs8Mbko
XM8DaVquYSxtAJ5uO1KfMOK5yGZCSwfGxFCMUwITUd9BV3yq9hsPwSkLc6WItyz3
T9ah7w+OORMBRANNMTwA/9h2s54NkYugm9oksghNBGtaJTqsYqH3Bqt1wwFqcTIm
qvcmz24xTH4UPdfKSHcw7AvRBqjd7HoEcKHnJ15uL3pXlAd5Q5LmSAINIedz376+
Wf4b8fou1ORHOYQuK87pNO6hh+EGfWdM5JGeFuZqNYmxRwwEeDfbvyzQR4+kKy/k
L9kdCo03nR/8GDZTvEb+rqCI+DnF4tAECNWWODsg1806fb11ukI2c2M6X3+bxZAP
EjdbyMswjWVsNVB4uNzLa4EvKcUoDH9uGJbWCwXVFyc2cCDZNZDIBiLfAXBkxGph
1GP/7SyPhcvQKQCuh3H+QyIt1tEuMhvASKScGcxkjoX2k9HKOK9WqaaY4uheY8FB
tyQtRUtpine/hRR2H6t8ZrURgttKMyIJ1yOERXeztNW4u15dvn4=
=ucBW
-----END PGP SIGNATURE-----
Reply to: