Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 20 06:32:50 UTC 2015
Hi Hilko
On Fri, Jun 12, 2015 at 01:45:15PM +0200, Salvatore Bonaccorso wrote:
> Hi Hilko,
>
> On Fri, Jun 12, 2015 at 01:30:28PM +0200, Hilko Bengen wrote:
> > Control: tags -1 moreinfo
> >
> > * Salvatore Bonaccorso:
> >
> > > Source: elasticsearch
> > > Version: 1.0.3+dfsg-5
> > > Severity: grave
> > > Tags: security upstream fixed-upstream
> >
> > Where exactly has it been fixed upstream? A git coommit id would be
> > helpful.
>
> I haven't a specific commit. The only information I had so far is that
> upstream claims that affected versions are all 1.0.0 up to 1.5.2 and
> the issue is fixed in 1.6.0:
>
> See https://www.elastic.co/community/security/
Did you had a chance to get more details on it?
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list