Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70061 - [elasticsearch] [Security] information disclosure (CVE-2021-22132)
Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 12:15 GMT
Last edited by Jonas Witschel (diabonas) - Wednesday, 25 August 2021, 18:36 GMT
Details

Summary
=======
The package elasticsearch is vulnerable to information disclosure via CVE-2021-22132.

Guidance
========
Upgrading elasticsearch to version 7.10.2 fixes the issue.

References
==========
https://security.archlinux.org/AVG-1455
https://discuss.elastic.co/t/elasticsearch-7-10-2-security-update/261164
https://github.com/elastic/elasticsearch/pull/66365
https://github.com/elastic/elasticsearch/commit/480561dbc3fd8c2c020f9d3d3887ae6e395313e0
Closed by Jonas Witschel (diabonas) - Wednesday, 25 August 2021, 18:36 GMT
Reason for closing: Fixed
Additional comments about closing: elasticsearch 7.10.2-1
Comment by David Ryskalczyk (david_rysk) - Friday, 09 April 2021, 20:44 GMT
Looking at the CVE details, this bug is fixed in elasticsearch 7.10.2, which is still under the Apache 2.0 license.