UbuntuUpdates.org

Package "lucene-solr"

Name: lucene-solr

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Full-text search engine library for Java - additional libraries
  • Full-text search engine library for Java - core library
  • Documentation for Lucene
  • Enterprise search server based on Lucene - Java libraries
Latest version: 3.6.2+dfsg-8ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "lucene-solr" in Xenial

Repository Area Version
base universe 3.6.2+dfsg-8
security universe 3.6.2+dfsg-8ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.6.2+dfsg-8ubuntu0.1 2020-01-29 18:06:27 UTC

  lucene-solr (3.6.2+dfsg-8ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Remote code execution via an XXE
    - debian/patches/CVE-2017-12629-1.patch: SOLR-11477: Disallow resolving of
      external entities in Lucene queryparser/xml/CoreParser
    - debian/patches/CVE-2017-12629-2.patch: RunExecutableListener was removed
      for security reasons
    - CVE-2017-12629

 -- Mike Salvatore <email address hidden> Tue, 28 Jan 2020 09:00:46 -0500
CVE-2017-12629 Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-li


About   -   Send Feedback to @ubuntu_updates