Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 12 11:45:15 UTC 2015
Hi Hilko,
On Fri, Jun 12, 2015 at 01:30:28PM +0200, Hilko Bengen wrote:
> Control: tags -1 moreinfo
>
> * Salvatore Bonaccorso:
>
> > Source: elasticsearch
> > Version: 1.0.3+dfsg-5
> > Severity: grave
> > Tags: security upstream fixed-upstream
>
> Where exactly has it been fixed upstream? A git coommit id would be
> helpful.
I haven't a specific commit. The only information I had so far is that
upstream claims that affected versions are all 1.0.0 up to 1.5.2 and
the issue is fixed in 1.6.0:
See https://www.elastic.co/community/security/
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list