Return-Path: <dev-return-54788-archive-asf-public=cust-asf.ponee.io@directory.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 22D14200BB2
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Sat, 29 Oct 2016 11:59:44 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 195CA160B00; Sat, 29 Oct 2016 09:59:44 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 89343160AF1
	for <archive-asf-public@cust-asf.ponee.io>; Sat, 29 Oct 2016 11:59:43 +0200 (CEST)
Received: (qmail 61383 invoked by uid 500); 29 Oct 2016 09:59:42 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 61362 invoked by uid 99); 29 Oct 2016 09:59:42 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 29 Oct 2016 09:59:42 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 0137FC1B96;
	Sat, 29 Oct 2016 09:59:42 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level: 
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=6.31
	tests=[SPF_PASS=-0.001] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id Fl-QgCGUN58g; Sat, 29 Oct 2016 09:59:40 +0000 (UTC)
Received: from amber.s12n.de (amber.s12n.de [144.76.55.147])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 4524D5F23D;
	Sat, 29 Oct 2016 09:59:40 +0000 (UTC)
Received: from [192.168.2.100] (aftr-185-17-205-243.dynamic.mnet-online.de [185.17.205.243])
	by amber.s12n.de (Postfix) with ESMTPSA id AE1CF29F493;
	Sat, 29 Oct 2016 11:59:33 +0200 (CEST)
To: Apache Directory Developers List <dev@directory.apache.org>,
 users@directory.apache.org
From: Stefan Seelmann <mail@stefan-seelmann.de>
Subject: Security vulnerability in Groovy LDAP API
Message-ID: <b7d7e909-a8ed-1ab4-c853-4078c1e7624a@stefan-seelmann.de>
Date: Sat, 29 Oct 2016 11:59:26 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.2 at amber
X-Virus-Status: Clean
archived-at: Sat, 29 Oct 2016 09:59:44 -0000

Alexandr Mirosh and Alvaro Muñoz reported a security vulnerability
(CVE-2016-6497) in the "Groovy LDAP API" code.

Anybody using the "Groovy LDAP API" are adviced to apply a fix. No
binary will be provided. Users need to apply the patch [1] themselves.

Please note that the "Groovy LDAP API" is not an official sub-project of
the Apache Directory project and no official release exists.

[1] http://svn.apache.org/viewvc?rev=1765362&view=rev