[Bug 267728] www/grafana{8,9}: Update to 8.5.15 and 9.2.4 (fixes security vulnerabilities)

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 12 Nov 2022 15:34:44 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267728

Boris Korzun <drtr0jan@yandex.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ports-secteam@FreeBSD.org
 Attachment #238033|                            |maintainer-approval?(ports-
              Flags|                            |secteam@FreeBSD.org)

--- Comment #2 from Boris Korzun <drtr0jan@yandex.ru> ---
Created attachment 238033
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=238033&action=edit
vuxml.diff

vuxml:
* CVE-2022-31123 - Plugin signature bypass
* CVE-2022-31130 - Data source and plugin proxy endpoints leaking
authentication tokens to some destination plugins
* CVE-2022-39201 - Data source and plugin proxy endpoints leaking
authentication tokens to some destination plugins
* CVE-2022-39229 - Improper authentication
* CVE-2022-39306 - Privilege escalation
* CVE-2022-39307 - Username enumeration
* CVE-2022-39328 - Privilege escalation (Critical)

https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/

https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/
