[Bug 267728] www/grafana{8,9}: Update to 8.5.15 and 9.2.4 (fixes security vulnerabilities)
Date: Sat, 12 Nov 2022 15:34:44 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267728 Boris Korzun <drtr0jan@yandex.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ports-secteam@FreeBSD.org Attachment #238033| |maintainer-approval?(ports- Flags| |secteam@FreeBSD.org) --- Comment #2 from Boris Korzun <drtr0jan@yandex.ru> --- Created attachment 238033 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=238033&action=edit vuxml.diff vuxml: * CVE-2022-31123 - Plugin signature bypass * CVE-2022-31130 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39201 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39229 - Improper authentication * CVE-2022-39306 - Privilege escalation * CVE-2022-39307 - Username enumeration * CVE-2022-39328 - Privilege escalation (Critical) https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/ https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/ -- You are receiving this mail because: You are the assignee for the bug.