Bug#922242: lucene-solr: CVE-2017-3164

Markus Koschany apo at debian.org
Tue Feb 19 21:42:27 GMT 2019



On 19.02.19 at 17:40, Moritz Mühlenhoff wrote:
> On Fri, Feb 15, 2019 at 11:21:13AM +0100, Markus Koschany wrote:
[...]
>>
>> Upstream solved this problem by adding a new whitelist option for nodes
>> and shards and what they can request. In the latest version Zookeeper
>> would keep track of all the distributed nodes (SolrCloud), so this new
>> option is meant for legacy releases like the one shipped by Debian or
>> simply for a more fine-grained control. I think this is a new security
>> feature but not a fatal flaw that we have to patch. In my opinion it
>> could be ignored.
> 
> Agreed, I think we can simply mark it as unimportant in the Security
> Tracker and close this bug.
> 
> Cheers,
>         Moritz

Ok, let's do that.

Regards,

Markus
