Summary: | <app-misc/elasticsearch-{6.8.12, 7.9.0}: Access restriction bypass (CVE-2020-7019) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | erkiferenc, hydrapolic, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456 | ||
See Also: |
https://github.com/gentoo/gentoo/pull/17292 https://github.com/gentoo/gentoo/pull/20000 |
||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2020-08-19 00:11:28 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3168257126a49b7f613b034a136e689c47442cb commit b3168257126a49b7f613b034a136e689c47442cb Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2020-08-28 04:20:01 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-08-30 21:46:31 +0000 app-misc/elasticsearch: bump to 6.8.12/7.9.0 Bug: https://bugs.gentoo.org/737958 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> app-misc/elasticsearch/Manifest | 4 + app-misc/elasticsearch/elasticsearch-6.8.12.ebuild | 88 ++++++++++++++++++++++ app-misc/elasticsearch/elasticsearch-7.9.0.ebuild | 83 ++++++++++++++++++++ 3 files changed, 175 insertions(+) Please cleanup. Pretty annoying regression in kibana 7.9.0, sadly you cannot revert back once you upgrade to it: https://github.com/elastic/kibana/issues/76227 Ping (In reply to Tomáš Mózes from comment #3) > Pretty annoying regression in kibana 7.9.0, sadly you cannot revert back > once you upgrade to it: > > https://github.com/elastic/kibana/issues/76227 Seems like this is fixed now, can we cleanup? The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b490314bb35c536a97bd2af6eb827dabc962e60 commit 0b490314bb35c536a97bd2af6eb827dabc962e60 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-03-19 07:40:02 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-03-22 14:00:01 +0000 app-misc/elasticsearch: drop vulnerable Bug: https://bugs.gentoo.org/737958 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/20000 Signed-off-by: Joonas Niilola <juippis@gentoo.org> app-misc/elasticsearch/Manifest | 6 -- app-misc/elasticsearch/elasticsearch-6.8.13.ebuild | 88 ---------------------- app-misc/elasticsearch/elasticsearch-7.8.1.ebuild | 83 -------------------- app-misc/elasticsearch/elasticsearch-7.9.2.ebuild | 86 --------------------- 4 files changed, 263 deletions(-) All done, thanks! |