Created attachment 217354
textproc/elasticsearch6: Update to 6.8.12
Hi,
please find the patch attached. The main thing is fixed CVE-2020-7019
Changelog:
* Security updates:
  - A field disclosure flaw was found in Elasticsearch when running a scrolling search with field level security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. All versions of Elasticsearch before 7.9.0 and 6.8.12 are affected by this flaw. You must upgrade to Elasticsearch version 7.9.0 or 6.8.12 to obtain the fix. CVE-2020-7019
* Bug fixes:
  - CCR:
    - CCR recoveries using wrong setting for chunk sizes
    - Fix synchronization in ShardFollowNodeTask
    - Relax ShardFollowTasksExecutor validation
    - Set timeout of master node requests on follower to unbounded
  - Distributed:
    - Fix cluster health rest api wait_for_no_initializing_shards
  - Machine Learning:
    - Fix restoration of change detectors after seasonality
Testport result: https://freebsd-stable.builder.wilbury.net/data/12_STABLE_GENERIC_amd64-default/2020-08-19_16h47m00s/logs/elasticsearch6-6.8.12.log
Question is: What is the procedure of creating a proper vulnxml entry?
Created attachment 217364 textproc/elasticsearch6: Update to 6.8.12 vuxml entry
See the attachment for vuxml entry.
A commit references this bug:
Author: dmgk
Date: Thu Aug 20 11:54:31 UTC 2020
New revision: 545531
URL: https://svnweb.freebsd.org/changeset/ports/545531
Log:
  security/vuxml: Document textproc/elasticsearch6 vulnerability
  PR: 248761
  Submitted by: Juraj Lutter <juraj@lutter.sk> (maintainer)
Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:
Author: dmgk
Date: Thu Aug 20 11:58:03 UTC 2020
New revision: 545532
URL: https://svnweb.freebsd.org/changeset/ports/545532
Log:
  textproc/elasticsearch6: Update to 6.8.12
  Changes: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/release-notes-6.8.12.html
  PR: 248761
  Submitted by: Juraj Lutter <juraj@lutter.sk> (maintainer)
  MFH: 2020Q3
  Security: fbca6863-e2ad-11ea-9d39-00a09858faf5
Changes:
  head/textproc/elasticsearch6/Makefile
  head/textproc/elasticsearch6/distinfo
Thanks.
A commit references this bug:
Author: dmgk
Date: Thu Aug 20 19:07:20 UTC 2020
New revision: 545549
URL: https://svnweb.freebsd.org/changeset/ports/545549
Log:
  MFH: r545532
  textproc/elasticsearch6: Update to 6.8.12
  Changes: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/release-notes-6.8.12.html
  PR: 248761
  Submitted by: Juraj Lutter <juraj@lutter.sk> (maintainer)
  Security: fbca6863-e2ad-11ea-9d39-00a09858faf5
  Approved by: ports-secteam (joneum)
Changes:
  _U branches/2020Q3/
  branches/2020Q3/textproc/elasticsearch6/Makefile
  branches/2020Q3/textproc/elasticsearch6/distinfo