From c480a04d75f097f922a5c52d9819b9ae98b110a7 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 22 Feb 2021 19:01:17 +0100
Subject: mark lucene-solr as fixed in sid, it dropped the server bits and now
 only provides some base classes for reverse deps

---
 data/CVE/2020.list | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'data/CVE/2020.list')

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 407022c592..cdf070a6f2 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -37630,12 +37630,13 @@ CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.
 CVE-2020-13942 (It is possible to inject malicious OGNL or MVEL scripts into the /cont ...)
 	NOT-FOR-US: Apache Unomi
 CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
-	- lucene-solr <unfixed>
+	- lucene-solr 3.6.2+dfsg-23
 	[buster] - lucene-solr <ignored> (Minor issue)
 	[stretch] - lucene-solr <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1
 	NOTE: https://issues.apache.org/jira/browse/SOLR-14561
 	NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
+	NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
 CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2020-13939
-- 
cgit v1.2.3