Package: lucene-solr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for lucene-solr.

CVE-2018-1308[0]:
| This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1
| relates to an XML external entity expansion (XXE) in the
| `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It
| can be used as XXE using file/ftp/http protocols in order to read
| arbitrary local files from the Solr server or the internal network.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1308
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308

Please adjust the affected versions in the BTS as needed.

Regards,

Markus
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
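
Added example (not part of the original report, and not Solr or Debian code): a small log check that flags requests whose `dataConfig` parameter carries a DTD or entity declaration, which is what the XXE described in the CVE text relies on. The access-log format, host, core name, request path and entity targets are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote, unquote, urlsplit

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
DECL = re.compile(r"<!\s*(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)
EXTERNAL = re.compile(r"\bSYSTEM\s+[\"']\s*([a-z][a-z0-9+.-]*):", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode a bounded number of extra times so double-encoded input is still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def inspect_target(target):
    """Return the sorted external-entity URI schemes in dataConfig, or None if it declares no DTD/entity."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for raw in params.get("dataConfig", []):
        xml = fully_decode(raw)
        if DECL.search(xml):
            return sorted({m.group(1).lower() for m in EXTERNAL.finditer(xml)})
    return None

def scan(lines):
    """Return (line_number, schemes) for each log line whose dataConfig declares a DTD or entity."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        schemes = inspect_target(match.group(1)) if match else None
        if schemes is not None:
            hits.append((number, schemes))
    return hits

# Constructed sample data: host, core name, path and entity targets are made up for this example.
def _line(query):
    return f'192.0.2.10 - - [01/Jan/2018:00:00:00 +0000] "GET /solr/core1/dataimport?{query} HTTP/1.1" 200 512'
PLAIN = "<dataConfig><document/></dataConfig>"
WITH_FILE = '<!DOCTYPE d [<!ENTITY e SYSTEM "file:///constructed/path">]>' + PLAIN
WITH_HTTP = '<!DOCTYPE d [<!ENTITY e SYSTEM "http://internal.example/x">]>' + PLAIN
SAMPLE_LOG = [
    _line("command=status"),
    _line("command=full-import&dataConfig=" + quote(PLAIN, safe="")),
    _line("command=full-import&dataConfig=" + quote(WITH_FILE, safe="")),
    _line("command=full-import&dataConfig=" + quote(quote(WITH_HTTP, safe=""), safe="")),  # double-encoded
]

if __name__ == "__main__":
    for number, schemes in scan(SAMPLE_LOG):
        print(f"line {number}: DTD/entity declaration in dataConfig, external schemes: {schemes}")
```

Parameters sent in a POST body do not appear in an access log, so this check only covers query-string requests.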