Source: elasticsearch Version: 1.0.3+dfsg-5 Severity: grave Tags: security upstream fixed-upstream Justification: user security hole
Hi, the following vulnerabilities were published for elasticsearch. Reporting them right now as severity grave since some details are missed so feel free to downgrade. CVE-2015-5377[0]: Remote code execution vulnerability CVE-2015-5531[1]: Directory traversal vulnerability If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5377 [1] https://security-tracker.debian.org/tracker/CVE-2015-5531 [2] https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security Regards, Salvatore __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.