CVE-2023-31413: Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. Please bump to 7.17.10.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=987287bcedc164e51a80277231d2a0393a559f45 commit 987287bcedc164e51a80277231d2a0393a559f45 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2024-01-11 14:44:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-01-20 13:30:06 +0000 app-admin/filebeat: add 7.17.16 Bug: https://bugs.gentoo.org/905879 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/33433 Signed-off-by: Sam James <sam@gentoo.org> app-admin/filebeat/Manifest | 2 ++ app-admin/filebeat/filebeat-7.17.16.ebuild | 58 ++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+)
Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=622fc7f4dc7370184dbd6f86d263b81362405c87 commit 622fc7f4dc7370184dbd6f86d263b81362405c87 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2024-02-23 10:19:25 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-02-23 10:44:28 +0000 app-admin/filebeat: drop 7.17.5 Bug: https://bugs.gentoo.org/905879 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/35503 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> app-admin/filebeat/Manifest | 2 -- app-admin/filebeat/filebeat-7.17.5.ebuild | 58 ------------------------------- 2 files changed, 60 deletions(-)