CVE-2021-37760: A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=519ec97409d80c963d554350415a154da4a4ec98 commit 519ec97409d80c963d554350415a154da4a4ec98 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-08-06 12:32:22 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-08-07 12:47:51 +0000 app-admin/graylog: drop vulnerable Bug: https://bugs.gentoo.org/806055 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/21900 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> app-admin/graylog/Manifest | 4 -- app-admin/graylog/graylog-3.3.11.ebuild | 83 --------------------------------- app-admin/graylog/graylog-3.3.13.ebuild | 83 --------------------------------- app-admin/graylog/graylog-4.0.5.ebuild | 79 ------------------------------- app-admin/graylog/graylog-4.0.7.ebuild | 79 ------------------------------- 5 files changed, 328 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73486fdffd530d75e7eca84f0c40b1ebe2f492b9 commit 73486fdffd530d75e7eca84f0c40b1ebe2f492b9 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-08-06 12:31:48 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-08-07 12:47:50 +0000 app-admin/graylog: bump to 4.1.2 Bug: https://bugs.gentoo.org/806055 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Ionen Wolkens <ionen@gentoo.org> app-admin/graylog/Manifest | 1 + app-admin/graylog/graylog-4.1.2.ebuild | 58 ++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=591315d7e534c6402e8a62ca1ebc812fd8321426 commit 591315d7e534c6402e8a62ca1ebc812fd8321426 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-08-06 12:22:10 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-08-07 12:47:50 +0000 app-admin/graylog: bump to 4.0.10 Bug: https://bugs.gentoo.org/806055 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Ionen Wolkens <ionen@gentoo.org> app-admin/graylog/Manifest | 1 + app-admin/graylog/graylog-4.0.10.ebuild | 79 +++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a42daa58980139a50219659bf1d9e2bf12a9e42f commit a42daa58980139a50219659bf1d9e2bf12a9e42f Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-08-06 12:20:57 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-08-07 12:47:50 +0000 app-admin/graylog: bump to 3.3.14 Bug: https://bugs.gentoo.org/806055 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Ionen Wolkens <ionen@gentoo.org> app-admin/graylog/Manifest | 1 + app-admin/graylog/graylog-3.3.14.ebuild | 83 +++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+)