Description: "In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data." Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b48d2aebf253e7b6f2adbfa09d54baeefa88c53 commit 1b48d2aebf253e7b6f2adbfa09d54baeefa88c53 Author: Ferenc Erki <erkiferenc@gmail.com> AuthorDate: 2021-05-29 19:14:00 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-05-31 08:15:35 +0000 app-admin/logstash-bin: drop vulnerable Bug: https://bugs.gentoo.org/790287 Signed-off-by: Ferenc Erki <erkiferenc@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/21043 Signed-off-by: Sam James <sam@gentoo.org> app-admin/logstash-bin/Manifest | 2 - app-admin/logstash-bin/logstash-bin-7.10.2.ebuild | 88 ----------------------- 2 files changed, 90 deletions(-)
All done, thanks!