Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0e367a3 by Markus Koschany at 2020-08-31T10:56:03+02:00
CVE-2020-13941,lucene-solr: Mark as ignored for Stretch and Buster.

Remove lucene-solr from dla-needed.txt.

CVE-2020-13941 is about adding a new parameter to the CoreAdminAPI that
validates whether a user is allowed to write or read data to or from a different
directory than the default dataDir directory.

In Debian the default dataDir directory is /var/lib/solr/data. This is
specified in /etc/solr/conf/solrconfig.xml. See also set-data-dir.patch and
solr-common.README.Debian. The only way to change that is to edit
/etc/solr/conf/solrconfig.xml. The value in solrconfig.xml overrides any
dataDir value that is passed to the dynamic core admin interface. That means
that only system administrators should be able to change that value. This makes
CVE-2020-13941 a rather minor issue for Debian and backporting the new
configuration option does not seem strictly necessary.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23679,6 +23679,8 @@ CVE-2020-13942
        RESERVED
 CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 
(public), rel ...)
        - lucene-solr <unfixed>
+       [buster] - lucene-solr <ignored> (Minor issue)
+       [stretch] - lucene-solr <ignored> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1
        NOTE: https://issues.apache.org/jira/browse/SOLR-14561
        NOTE: 
https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
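Review bot: The added [buster] and [stretch] lines give only "(Minor issue)" as the reason, while the actual justification (the dataDir set in /etc/solr/conf/solrconfig.xml overrides any dataDir value passed to the core admin interface) is recorded only in the commit message. Consider adding a NOTE line under this entry that summarises the Debian-specific reasoning, so that a reader of data/CVE/list can see why both suites are ignored without searching the commit log. The unchanged "- lucene-solr <unfixed>" line keeps the issue open outside those two suites, which matches the commit subject limiting the change to Stretch and Buster.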


=====================================
data/dla-needed.txt
=====================================
@@ -102,8 +102,6 @@ linux-4.9 (Ben Hutchings)
 --
 lua5.3
 --
-lucene-solr (Markus Koschany)
---
 mumble
   NOTE: 20200325: Regression in last upload, forgot to follow up.
   NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)
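Review bot: The removed "lucene-solr (Markus Koschany)" entry carried no NOTE lines, so nothing in this file records which issue it was claimed for, and the commit message justifies the removal only for CVE-2020-13941. It is worth confirming that no other open lucene-solr issue depended on this entry before dropping it. The "--" separator is removed together with the entry, so the lua5.3 and mumble entries remain correctly delimited.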



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0e367a3d1e318d240b4e758b7d142f91a045b98
