[Secure-testing-team] Bug#792617: elasticsearch: CVE-2015-5377 CVE-2015-5531
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 16 19:59:41 UTC 2015
Source: elasticsearch
Version: 1.0.3+dfsg-5
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi,
the following vulnerabilities were published for elasticsearch.
Reporting them right now as severity grave since some details are
missing, so feel free to downgrade.
CVE-2015-5377[0]:
Remote code execution vulnerability
CVE-2015-5531[1]:
Directory traversal vulnerability
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5377
[1] https://security-tracker.debian.org/tracker/CVE-2015-5531
[2] https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
Regards,
Salvatore