Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70138 - [logstash] [Security] certificate verification bypass (CVE-2021-22138)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Tuesday, 23 March 2021, 18:51 GMT
Opened by Jonas Witschel (diabonas) - Tuesday, 23 March 2021, 18:51 GMT
|
DetailsSummary
======= The package logstash is vulnerable to certificate verification bypass via CVE-2021-22138. Guidance ======== Upgrading Logstash to version 7.12.0 fixes the issue. References ========== https://security.archlinux.org/AVG-1730 https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125 |
This task depends upon