Your message dated Fri, 17 Jul 2015 12:19:00 +0000
with message-id <e1zg4bu-00071f...@franck.debian.org>
and subject line Bug#792617: fixed in elasticsearch 1.6.1+dfsg-1
has caused the Debian Bug report #792617,
regarding elasticsearch: CVE-2015-5377 CVE-2015-5531
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
792617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792617
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: elasticsearch
Version: 1.0.3+dfsg-5
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Hi,

the following vulnerabilities were published for elasticsearch.
Reporting them right now as severity grave since some details are
missing, so feel free to downgrade.

CVE-2015-5377[0]:
Remote code execution vulnerability

CVE-2015-5531[1]:
Directory traversal vulnerability

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5377
[1] https://security-tracker.debian.org/tracker/CVE-2015-5531
[2] https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: elasticsearch
Source-Version: 1.6.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
elasticsearch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 792...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilko Bengen <ben...@debian.org> (supplier of updated elasticsearch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 17 Jul 2015 13:18:00 +0200
Source: elasticsearch
Binary: libelasticsearch1.6-java elasticsearch
Architecture: source all
Version: 1.6.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Hilko Bengen <ben...@debian.org>
Changed-By: Hilko Bengen <ben...@debian.org>
Description:
 elasticsearch - Open Source, Distributed, RESTful Search Engine
 libelasticsearch1.6-java - Open Source, Distributed, RESTful Search Engine -- libraries
Closes: 792617
Changes:
 elasticsearch (1.6.1+dfsg-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version
     - This fixes CVE-2015-5377 CVE-2015-5531 (Closes: #792617)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---