Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability

On Sun, Jun 21, 2015 at 02:56:36PM +0200, Hilko Bengen wrote: > * Salvatore Bonaccorso: > > > Did you had a chance to get more details on it? > > ,[ http://seclists.org/bugtraq/2015/Jun/53 ] > | Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered > | attack on other applicati

Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability

* Salvatore Bonaccorso: > Did you had a chance to get more details on it? ,[ http://seclists.org/bugtraq/2015/Jun/53 ] | Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered | attack on other applications on the system. The snapshot API may be used | indirectly to place snapsh

Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability

Hi Hilko On Fri, Jun 12, 2015 at 01:45:15PM +0200, Salvatore Bonaccorso wrote: > Hi Hilko, > > On Fri, Jun 12, 2015 at 01:30:28PM +0200, Hilko Bengen wrote: > > Control: tags -1 moreinfo > > > > * Salvatore Bonaccorso: > > > > > Source: elasticsearch > > > Version: 1.0.3+dfsg-5 > > > Severity:

Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability

Hi Hilko, On Fri, Jun 12, 2015 at 01:30:28PM +0200, Hilko Bengen wrote: > Control: tags -1 moreinfo > > * Salvatore Bonaccorso: > > > Source: elasticsearch > > Version: 1.0.3+dfsg-5 > > Severity: grave > > Tags: security upstream fixed-upstream > > Where exactly has it been fixed upstream? A gi

Processed: Re: Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability

Processing control commands: > tags -1 moreinfo Bug #788471 [src:elasticsearch] elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability Added tag(s) moreinfo. -- 788471: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788471 Debian Bug Tracking System Contact ow...

Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability

Control: tags -1 moreinfo * Salvatore Bonaccorso: > Source: elasticsearch > Version: 1.0.3+dfsg-5 > Severity: grave > Tags: security upstream fixed-upstream Where exactly has it been fixed upstream? A git coommit id would be helpful. Cheers, -Hilko __ This is the maintainer address of Debian's

Bug#788471: elasticsearch: CVE-2015-4165: unspecified arbitrary files modification vulnerability

Source: elasticsearch Version: 1.0.3+dfsg-5 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerability was published for elasticsearch. Unfortunately the available information is a bit sparse, thus filling with initial severity grave. CVE-2015-4165[0]: unspecified arb