Bug 22697

Summary: solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802, CVE-2019-0193, CVE-2019-12401, CVE-2020-13941, CVE-2021-27905, CVE-2021-29262, CVE-2021-29943
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Java Stack Maintainers <java>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mageia
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: solr3-3.6.2-15.mga7.src.rpm CVE:
Status comment: Patches available from Debian

Description David Walser 2018-03-03 20:50:44 CET 
Debian has issued an advisory on February 27:
https://www.debian.org/security/2018/dsa-4124

I'm not sure if the solr package is also affected (it may be).

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-03-03 20:51:26 CET

Whiteboard: (none) => MGA6TOO

David Walser 2018-03-11 16:11:53 CET

Status comment: (none) => Patch available from Debian

Comment 1 David Walser 2018-04-09 00:28:05 CEST 
Upstream has issued an advisory today (April 8) for a new security issue:
http://openwall.com/lists/oss-security/2018/04/08/3

Status comment: Patch available from Debian => Patch available from Debian for first two CVEs
Summary: solr3 new security issues CVE-2017-3163 and CVE-2017-12629 => solr3 new security issues CVE-2017-3163, CVE-2017-12629, and CVE-2018-1308

Comment 2 David Walser 2018-05-12 23:46:40 CEST 
(In reply to David Walser from comment #1)
> Upstream has issued an advisory today (April 8) for a new security issue:
> http://openwall.com/lists/oss-security/2018/04/08/3

Debian has issued an advisory for this on May 6:
https://www.debian.org/security/2018/dsa-4194

Status comment: Patch available from Debian for first two CVEs => Patches available from Debian

Comment 3 David Walser 2019-02-13 03:50:45 CET 
Upstream has issued an advisory today (February 12):
https://www.openwall.com/lists/oss-security/2019/02/12/7

Severity: normal => critical
Summary: solr3 new security issues CVE-2017-3163, CVE-2017-12629, and CVE-2018-1308 => solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, and CVE-2018-1308

Comment 4 David Walser 2019-04-26 21:43:14 CEST 
Upstream has issued an advisory on April 24:
https://www.openwall.com/lists/oss-security/2019/04/24/1

Summary: solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, and CVE-2018-1308 => solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802

David Walser 2019-06-23 19:29:22 CEST

Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO

Comment 5 David Walser 2019-08-06 12:49:43 CEST 
Upstream has issued an advisory on August 1:
https://www.openwall.com/lists/oss-security/2019/08/01/1

Summary: solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802 => solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802, CVE-2019-0193

Comment 6 David Walser 2019-09-10 12:04:14 CEST 
Upstream has issued an advisory on September 9:
https://www.openwall.com/lists/oss-security/2019/09/10/1

Summary: solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802, CVE-2019-0193 => solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802, CVE-2019-0193, CVE-2019-12401

Nicolas Lécureuil 2020-05-22 14:04:33 CEST

Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO
CC: (none) => mageia

Comment 7 David Walser 2020-08-17 19:39:01 CEST 
Upstream has issued an advisory on August 14:
https://www.openwall.com/lists/oss-security/2020/08/15/1

Summary: solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802, CVE-2019-0193, CVE-2019-12401 => solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802, CVE-2019-0193, CVE-2019-12401, CVE-2020-13941

Comment 8 David Walser 2020-08-21 20:40:58 CEST 
(In reply to David Walser from comment #5)
> Upstream has issued an advisory on August 1:
> https://www.openwall.com/lists/oss-security/2019/08/01/1

Debian-LTS has issued an advisory for this on August 6:
https://www.debian.org/lts/security/2020/dla-2327
Comment 9 Nicolas Lécureuil 2020-12-26 23:24:46 CET 
not in cauldron anymore

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 10 David Walser 2021-04-18 22:44:38 CEST 
Upstream has issued advisories on April 12:
https://www.openwall.com/lists/oss-security/2021/04/12/2
https://www.openwall.com/lists/oss-security/2021/04/12/3
https://www.openwall.com/lists/oss-security/2021/04/12/4

Summary: solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802, CVE-2019-0193, CVE-2019-12401, CVE-2020-13941 => solr3 new security issues CVE-2017-3163, CVE-2017-3164, CVE-2017-12629, CVE-2018-1308, CVE-2018-11802, CVE-2019-0193, CVE-2019-12401, CVE-2020-13941, CVE-2021-27905, CVE-2021-29262, CVE-2021-29943

Comment 11 David Walser 2021-07-01 18:14:22 CEST 
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED