Date: Wed, 19 Aug 2020 21:17:34 +0000
From: bugzilla-noreply@freebsd.org
To: elastic@FreeBSD.org
Subject: [Bug 248761] textproc/elasticsearch6: Update to 6.8.12
Message-ID: <bug-248761-37421@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248761

Bug ID: 248761
Summary: textproc/elasticsearch6: Update to 6.8.12
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/release-notes-6.8.12.html
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: elastic@FreeBSD.org
Reporter: juraj@lutter.sk
Flags: maintainer-feedback?(elastic@FreeBSD.org)
Assignee: elastic@FreeBSD.org
Attachment #217354 Flags: maintainer-approval+

Created attachment 217354
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=217354&action=edit
textproc/elasticsearch6: Update to 6.8.12

Hi,

please find the patch attached. The main thing is fixed CVE-2020-7019

Changelog:

* Security updates:
  - A field disclosure flaw was found in Elasticsearch when running a
    scrolling search with field level security. If a user runs the same
    query another more privileged user recently ran, the scrolling search
    can leak fields that should be hidden. This could result in an attacker
    gaining additional permissions against a restricted index. All versions
    of Elasticsearch before 7.9.0 and 6.8.12 are affected by this flaw. You
    must upgrade to Elasticsearch version 7.9.0 or 6.8.12 to obtain the fix.
    CVE-2020-7019

* Bug fixes:
  - CCR:
    - CCR recoveries using wrong setting for chunk sizes
    - Fix synchronization in ShardFollowNodeTask
    - Relax ShardFollowTasksExecutor validation
    - Set timeout of master node requests on follower to unbounded
  - Distributed:
    - Fix cluster health rest api wait_for_no_initializing_shards
  - Machine Learning:
    - Fix restoration of change detectors after seasonality

Testport result:
https://freebsd-stable.builder.wilbury.net/data/12_STABLE_GENERIC_amd64-default/2020-08-19_16h47m00s/logs/elasticsearch6-6.8.12.log

Question is: What is the procedure of creating a proper vulnxml entry?

-- 
You are receiving this mail because:
You are the assignee for the bug.