[Bug 269903] www/grafana{8,9}: Update to 8.5.21 and 9.3.8 (Fixes security vulnerabilities)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 269903] www/grafana{8,9}: Update to 8.5.21 and 9.3.8 (Fixes security vulnerabilities)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 01 Mar 2023 19:13:30 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269903

Boris Korzun <drtr0jan@yandex.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ports-secteam@FreeBSD.org
 Attachment #240517|                            |maintainer-approval?(ports-
              Flags|                            |secteam@FreeBSD.org)

--- Comment #2 from Boris Korzun <drtr0jan@yandex.ru> ---
Created attachment 240517
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=240517&action=edit
vuxml.patch

vuxml:
* CVE-2023-0507 - Stored XSS in geomap panel plugin via attribution (High)
* CVE-2023-0594 - Stored XSS in TraceView panel (High)
* CVE-2023-22462 - Stored XSS in text panel plugin

https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/

-- 
You are receiving this mail because:
You are the assignee for the bug.