Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 7E6C0200CBE for ; Fri, 7 Jul 2017 19:45:44 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 7CC3B1699FF; Fri, 7 Jul 2017 17:45:44 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C2A461699F9 for ; Fri, 7 Jul 2017 19:45:43 +0200 (CEST) Received: (qmail 59533 invoked by uid 500); 7 Jul 2017 17:45:42 -0000 Mailing-List: contact java-user-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: java-user@lucene.apache.org Delivered-To: mailing list java-user@lucene.apache.org Delivered-To: moderator for java-user@lucene.apache.org Received: (qmail 80635 invoked by uid 99); 7 Jul 2017 17:07:11 -0000 X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.3 X-Spam-Level: X-Spam-Status: No, score=0.3 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled X-IronPort-AV: E=Sophos;i="5.40,323,1496116800"; d="scan'208";a="13916852" From: Ramesh Komuravelli To: "general@lucene.apache.org" CC: "dev@lucene.apache.org" , "java-user@lucene.apache.org" , "solr-user@lucene.apache.org" , "announce@apache.org" , security , "oss-security@lists.openwall.com" , "bugtraq@securityfocus.com" , =?utf-8?B?Tm9ibGUgUGF1bCDgtKjgtYvgtKzgtL/gtLPgtY0g4KSo4KWL4KSs4KWN4KSz?= =?utf-8?B?4KWN?= Subject: Re: [ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr Thread-Topic: [ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr Thread-Index: AQHS9ycm3/j+LYf8AU+i4P1wm+y1/6JImJNG Date: Fri, 7 Jul 2017 17:06:57 +0000 Message-ID: <682C5CFE-CFF6-4F01-BA48-AA19807579B6@commvault.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 archived-at: Fri, 07 Jul 2017 17:45:44 -0000 SGV5IGFsbCwgQ29tbXZhdWx0IGlzIGxvb2tpbmcgZm9yIEdsdXN0ZXJGUyBkZXZlbG9wZXJzLCB0 aGlzIHJvbGUgaXMgZ29pbmcgdG8gYmUgdmVyeSBjcnVjaWFsIGFuZCB3b3JraW5nIGNsb3NlbHkg d2l0aCBDVE8uIElmIGFueW9uZSBpbnRlcmVzdGVkLi4uIHBsZWFzZSBtYWlsIG1lLg0KDQpSZWdh cmRzLA0KUmFtZXNoIEsNCg0KPiBPbiAwNy1KdWwtMjAxNywgYXQgNzoxNCBQTSwgU2hhbGluIFNo ZWtoYXIgTWFuZ2FyIDxzaGFsaW5AYXBhY2hlLm9yZz4gd3JvdGU6DQo+IA0KPiBDVkUtMjAxNy03 NjYwOiBTZWN1cml0eSBWdWxuZXJhYmlsaXR5IGluIHNlY3VyZSBpbnRlci1ub2RlDQo+IGNvbW11 bmljYXRpb24gaW4gQXBhY2hlIFNvbHINCj4gDQo+IFNldmVyaXR5OiBJbXBvcnRhbnQNCj4gDQo+ IFZlbmRvcjoNCj4gVGhlIEFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9uDQo+IA0KPiBWZXJzaW9u cyBBZmZlY3RlZDoNCj4gU29sciA1LjMgdG8gNS41LjQNCj4gU29sciA2LjAgdG8gNi41LjENCj4g DQo+IERlc2NyaXB0aW9uOg0KPiANCj4gU29sciB1c2VzIGEgUEtJIGJhc2VkIG1lY2hhbmlzbSB0 byBzZWN1cmUgaW50ZXItbm9kZSBjb21tdW5pY2F0aW9uDQo+IHdoZW4gc2VjdXJpdHkgaXMgZW5h YmxlZC4gSXQgaXMgcG9zc2libGUgdG8gY3JlYXRlIGEgc3BlY2lhbGx5IGNyYWZ0ZWQNCj4gbm9k ZSBuYW1lIHRoYXQgZG9lcyBub3QgZXhpc3QgYXMgcGFydCBvZiB0aGUgY2x1c3RlciBhbmQgcG9p bnQgaXQgdG8gYQ0KPiBtYWxpY2lvdXMgbm9kZS4gVGhpcyBjYW4gdHJpY2sgdGhlIG5vZGVzIGlu IGNsdXN0ZXIgdG8gYmVsaWV2ZSB0aGF0DQo+IHRoZSBtYWxpY2lvdXMgbm9kZSBpcyBhIG1lbWJl ciBvZiB0aGUgY2x1c3Rlci4gU28sIGlmIFNvbHIgdXNlcnMgaGF2ZQ0KPiBlbmFibGVkIEJhc2lj QXV0aCBhdXRoZW50aWNhdGlvbiBtZWNoYW5pc20gdXNpbmcgdGhlIEJhc2ljQXV0aFBsdWdpbg0K PiBvciBpZiB0aGUgdXNlciBoYXMgaW1wbGVtZW50ZWQgYSBjdXN0b20gQXV0aGVudGljYXRpb24g cGx1Z2luLCB3aGljaA0KPiBkb2VzIG5vdCBpbXBsZW1lbnQgZWl0aGVyICJIdHRwQ2xpZW50SW50 ZXJjZXB0b3JQbHVnaW4iIG9yDQo+ICJIdHRwQ2xpZW50QnVpbGRlclBsdWdpbiIsIGhpcy9oZXIg c2VydmVycyBhcmUgdnVsbmVyYWJsZSB0byB0aGlzDQo+IGF0dGFjay4gVXNlcnMgd2hvIG9ubHkg dXNlIFNTTCB3aXRob3V0IGJhc2ljIGF1dGhlbnRpY2F0aW9uIG9yIHRob3NlDQo+IHdobyB1c2Ug S2VyYmVyb3MgYXJlIG5vdCBhZmZlY3RlZC4NCj4gDQo+IE1pdGlnYXRpb246DQo+IDYueCB1c2Vy cyBzaG91bGQgdXBncmFkZSB0byA2LjYNCj4gNS54IHVzZXJzIHNob3VsZCBvYnRhaW4gdGhlIGxh dGVzdCBzb3VyY2UgZnJvbSBnaXQgYW5kIGFwcGx5IHRoaXMgcGF0Y2g6DQo+IGh0dHA6Ly9naXQt d2lwLXVzLmFwYWNoZS5vcmcvcmVwb3MvYXNmL2x1Y2VuZS1zb2xyL2NvbW1pdC8yZjVlY2JjZg0K PiANCj4gQ3JlZGl0Og0KPiBUaGlzIGlzc3VlIHdhcyBkaXNjb3ZlcmVkIGJ5IE5vYmxlIFBhdWwg b2YgTHVjaWR3b3JrcyBJbmMuDQo+IA0KPiBSZWZlcmVuY2VzOg0KPiBodHRwczovL2lzc3Vlcy5h cGFjaGUub3JnL2ppcmEvYnJvd3NlL1NPTFItMTA2MjQNCj4gaHR0cHM6Ly93aWtpLmFwYWNoZS5v cmcvc29sci9Tb2xyU2VjdXJpdHkNCj4gDQo+IC0tIA0KPiBUaGUgTHVjZW5lIFBNQw0KKioqKioq KioqKioqKioqKioqKioqKioqKioqTGVnYWwgRGlzY2xhaW1lcioqKioqKioqKioqKioqKioqKioq KioqKioqKg0KIlRoaXMgY29tbXVuaWNhdGlvbiBtYXkgY29udGFpbiBjb25maWRlbnRpYWwgYW5k IHByaXZpbGVnZWQgbWF0ZXJpYWwgZm9yIHRoZQ0Kc29sZSB1c2Ugb2YgdGhlIGludGVuZGVkIHJl Y2lwaWVudC4gQW55IHVuYXV0aG9yaXplZCByZXZpZXcsIHVzZSBvciBkaXN0cmlidXRpb24NCmJ5 IG90aGVycyBpcyBzdHJpY3RseSBwcm9oaWJpdGVkLiBJZiB5b3UgaGF2ZSByZWNlaXZlZCB0aGUg bWVzc2FnZSBieSBtaXN0YWtlLA0KcGxlYXNlIGFkdmlzZSB0aGUgc2VuZGVyIGJ5IHJlcGx5IGVt YWlsIGFuZCBkZWxldGUgdGhlIG1lc3NhZ2UuIFRoYW5rIHlvdS4iDQoqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqCg== DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0NClRvIHVuc3Vic2NyaWJlLCBlLW1haWw6IGphdmEtdXNlci11 bnN1YnNjcmliZUBsdWNlbmUuYXBhY2hlLm9yZw0KRm9yIGFkZGl0aW9uYWwgY29tbWFuZHMs IGUtbWFpbDogamF2YS11c2VyLWhlbHBAbHVjZW5lLmFwYWNoZS5vcmcNCg0K