566044 – <www-apps/kibana-bin-4.1.3: possible CSRF

Bug 566044 - <www-apps/kibana-bin-4.1.3: possible CSRF

Summary: <www-apps/kibana-bin-4.1.3: possible CSRF

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2015-11-17 11:55 UTC by Tomáš Mózes
Modified:	2016-03-29 09:45 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
kibana-bin-4.1.3.ebuild (kibana-bin-4.1.3.ebuild,1.03 KB, text/plain) 2015-11-17 12:30 UTC, Tomáš Mózes	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tomáš Mózes 2015-11-17 11:55:00 UTC

https://www.elastic.co/blog/kibana-4-2-1-and-4-1-3

4.1.3 Fixes and enhancements
- Fixed a possible CSRF issue. Waiting on CVE assignment for this issue

Comment 1 Tomáš Mózes 2015-11-17 12:30:56 UTC

Created attachment 417202 [details]
kibana-bin-4.1.3.ebuild

Comment 2 Tomáš Mózes 2015-11-17 12:34:02 UTC

After the bump, please drop:
- <kibana-bin-4.1.3 ebuilds
- files/kibana.initd
- files/kibana.initd-r1

Thank you.

Comment 3 Ian Delaney (RETIRED) gentoo-dev

2015-11-23 07:29:54 UTC

Author: Ian Delaney <idella4@gentoo.org>
Date:   Sat Nov 21 08:36:25 2015 +0800

    www-apps/kibana-bin:  bump -> vn. 4.1.3, clean old vns. & defunct init scripts
    
    Requests made, new ebuild submitted via proxy maintainer via the gentoo bug
    which is under category of security bug.
    
    Gentoo bug: #566044O

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2016-03-29 09:45:33 UTC

no vulnerable versions in tree.