Source: elasticsearch Version: 1.0.3+dfsg-5 Severity: grave Tags: security upstream fixed-upstream Justification: user security hole
Hi, the following vulnerabilities were published for elasticsearch. Reporting them right now as severity grave since some details are missed so feel free to downgrade. CVE-2015-5377[0]: Remote code execution vulnerability CVE-2015-5531[1]: Directory traversal vulnerability If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5377 [1] https://security-tracker.debian.org/tracker/CVE-2015-5531 [2] https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
