[Bug 286323] www/grafana: Update to 11.6.1 (Fixes security vulnerabilities)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 286323] www/grafana: Update to 11.6.1 (Fixes security vulnerabilities)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 24 Apr 2025 15:24:46 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286323

Boris Korzun <drtr0jan@yandex.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ports-secteam@FreeBSD.org
 Attachment #259834|                            |maintainer-approval?(ports-
              Flags|                            |secteam@FreeBSD.org)

--- Comment #1 from Boris Korzun <drtr0jan@yandex.ru> ---
Created attachment 259834
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=259834&action=edit
vuxml.patch

vuxml:
* CVE-2025-2703 - DOM XSS vulnerability (Medium)
* CVE-2025-3260 - Bypass Viewer and Editor permission (High)
* CVE-2025-3454 - Authorization bypass in data source proxy API (Medium)

https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/

-- 
You are receiving this mail because:
You are the assignee for the bug.