CVE-2020-7019: A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. All versions of Elasticsearch before 7.9.0 and 6.8.12 are affected by this flaw.

Maintainer, please bump and if possible add slots to differentiate between branches.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3168257126a49b7f613b034a136e689c47442cb

commit b3168257126a49b7f613b034a136e689c47442cb
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-08-28 04:20:01 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-08-30 21:46:31 +0000

    app-misc/elasticsearch: bump to 6.8.12/7.9.0

    Bug: https://bugs.gentoo.org/737958
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-misc/elasticsearch/Manifest                    |  4 +
 app-misc/elasticsearch/elasticsearch-6.8.12.ebuild | 88 ++++++++++++++++++++++
 app-misc/elasticsearch/elasticsearch-7.9.0.ebuild  | 83 ++++++++++++++++++++
 3 files changed, 175 insertions(+)
Please cleanup.
Pretty annoying regression in kibana 7.9.0, sadly you cannot revert back once you upgrade to it: https://github.com/elastic/kibana/issues/76227
Ping
(In reply to Tomáš Mózes from comment #3)
> Pretty annoying regression in kibana 7.9.0, sadly you cannot revert back
> once you upgrade to it:
>
> https://github.com/elastic/kibana/issues/76227

Seems like this is fixed now, can we cleanup?
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b490314bb35c536a97bd2af6eb827dabc962e60

commit 0b490314bb35c536a97bd2af6eb827dabc962e60
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-03-19 07:40:02 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-03-22 14:00:01 +0000

    app-misc/elasticsearch: drop vulnerable

    Bug: https://bugs.gentoo.org/737958
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/20000
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-misc/elasticsearch/Manifest                    |  6 --
 app-misc/elasticsearch/elasticsearch-6.8.13.ebuild | 88 ----------------------
 app-misc/elasticsearch/elasticsearch-7.8.1.ebuild  | 83 --------------------
 app-misc/elasticsearch/elasticsearch-7.9.2.ebuild  | 86 ---------------------
 4 files changed, 263 deletions(-)
All done, thanks!