-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4194-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lucene-solr CVE ID : CVE-2018-1308 An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure. For the oldstable distribution (jessie), this problem has been fixed in version 3.6.2+dfsg-5+deb8u2. For the stable distribution (stretch), this problem has been fixed in version 3.6.2+dfsg-10+deb9u2. We recommend that you upgrade your lucene-solr packages. For the detailed security status of lucene-solr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lucene-solr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlrvPkMACgkQEMKTtsN8 TjZLxQ/+KktDJPpsG5DxRvVka3pECHzGnI1ZkI6Ln/kCwo55DNON9gLHCP1Ga/Fg WQd7/k2LsNYqUfzdu9wa98hS2BeRhPm13fOrUC0HdM7VE4GUh05xboTYlfsABTgz srJM6OTCurXDiYbWUxrGvn/06/Eh/QuwsvGoOQ1H2UvNSd5TJwOmkK+3oGtxWiL2 kgwN6el1fgBaA6mRLN2YkTgvkUmmYjbHww1EW4AYVpp+EJgrumXA3k3234jA8mNh lzmiGKWyVJs6JngCT3ZYVu4BXf0X2mn/sagVaXZ+UJws67FR9qUGM9HTjjkl4htp groN0CXaQ1tni91FDHyfvMvgkuM2YrgIV867ziz5J0gzzV0MYc6b6bK5i9rdUHbB YodB59wzE8uky69Zs6WA7j2f0k1z250jzAUEhj+MgYG+rVycF9vfOvVbsO3umkjA sT7pjzktzd1iZ5keVuDBJQEREEA+ZetzEj+ZBrW5o0wTibf0pJSZ4JAtC8hBiO3S UGtWTl428lAZK7zPyxMkZAGh1EmvyYf5dNJTjZE/UY8UlhPybnMfzdlREOkLIS96 x0VIIetmXrw0FVUXZsDdMsnbikHbMe5999w3Fd5vo/xlBEriksaqBcWUd8oTHw5a 1FuiJPU64/Ulyo2Y2ZbA27O7zbJAC2LRIacSlLUz4mQAxxKfhjM= =tbeu -----END PGP SIGNATURE-----