mark lucene-solr as fixed in sid, it dropped the server bits and now only provides some base classes for reverse deps

author: Moritz Muehlenhoff <jmm@debian.org> 2021-02-22 19:01:17 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-02-22 19:01:17 +0100
commit: c480a04d75f097f922a5c52d9819b9ae98b110a7 (patch)
tree: 99268b1c7157b0a09626f90103c693fcdca8d56e /data/CVE/2020.list
parent: d92c586000cf04214be500b3bbe33de967f76a8b (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 407022c592..cdf070a6f2 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -37630,12 +37630,13 @@ CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.
 CVE-2020-13942 (It is possible to inject malicious OGNL or MVEL scripts into the /cont ...)
 	NOT-FOR-US: Apache Unomi
 CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
-	- lucene-solr <unfixed>
+	- lucene-solr 3.6.2+dfsg-23
 	[buster] - lucene-solr <ignored> (Minor issue)
 	[stretch] - lucene-solr <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1
 	NOTE: https://issues.apache.org/jira/browse/SOLR-14561
 	NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
+	NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
 CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2020-13939
author	Moritz Muehlenhoff <jmm@debian.org>	2021-02-22 19:01:17 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2021-02-22 19:01:17 +0100
commit	c480a04d75f097f922a5c52d9819b9ae98b110a7 (patch)
tree	99268b1c7157b0a09626f90103c693fcdca8d56e /data/CVE/2020.list
parent	d92c586000cf04214be500b3bbe33de967f76a8b (diff)