[Bug 248761] textproc/elasticsearch6: Update to 6.8.12

bugzilla-noreply at freebsd.org
Wed Aug 19 21:17:35 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248761

            Bug ID: 248761
           Summary: textproc/elasticsearch6: Update to 6.8.12
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/release-notes-6.8.12.html
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: elastic at FreeBSD.org
          Reporter: juraj at lutter.sk
             Flags: maintainer-feedback?(elastic at FreeBSD.org)
 Attachment #217354 Flags: maintainer-approval+

Created attachment 217354
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=217354&action=edit
textproc/elasticsearch6: Update to 6.8.12

Hi,

please find the patch attached.

The main thing is the fix for CVE-2020-7019.

Changelog:
* Security updates:
  - A field disclosure flaw was found in Elasticsearch when running a scrolling
    search with field level security. If a user runs the same query another more
    privileged user recently ran, the scrolling search can leak fields that should
    be hidden. This could result in an attacker gaining additional permissions
    against a restricted index. All versions of Elasticsearch before 7.9.0 and
    6.8.12 are affected by this flaw. You must upgrade to Elasticsearch version
    7.9.0 or 6.8.12 to obtain the fix. CVE-2020-7019

* Bug fixes:
  - CCR:
    - CCR recoveries using wrong setting for chunk sizes
    - Fix synchronization in ShardFollowNodeTask
    - Relax ShardFollowTasksExecutor validation
    - Set timeout of master node requests on follower to unbounded
  - Distributed:
    - Fix cluster health rest api wait_for_no_initializing_shards
  - Machine Learning:
    - Fix restoration of change detectors after seasonality


Testport result:
https://freebsd-stable.builder.wilbury.net/data/12_STABLE_GENERIC_amd64-default/2020-08-19_16h47m00s/logs/elasticsearch6-6.8.12.log

The question is: what is the procedure for creating a proper vulnxml entry?
