266128 – www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)

Bug 266128 - www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)

Summary: www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Nuno Teixeira

URL:	https://grafana.com/blog/2022/08/30/s...
Keywords:	security

Depends on:
Blocks:

Reported:	2022-08-31 11:10 UTC by Boris Korzun
Modified:	2022-09-01 14:48 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	drtr0jan: maintainer-feedback+ eduardo: merge-quarterly+

Attachments
grafana8.diff (15.57 KB, patch) 2022-08-31 11:10 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
grafana9.diff (10.49 KB, patch) 2022-08-31 11:10 UTC, Boris Korzun	drtr0jan: maintainer-approval+	Details \| Diff
vuxml.diff (2.35 KB, patch) 2022-08-31 11:13 UTC, Boris Korzun	eduardo: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Boris Korzun 2022-08-31 11:10:14 UTC

Created attachment 236258 [details]
grafana8.diff

Update to 8.5.11

Comment 1 Boris Korzun 2022-08-31 11:10:48 UTC

Created attachment 236259 [details]
grafana9.diff

Update to 9.1.2

Comment 2 Boris Korzun 2022-08-31 11:13:46 UTC

Created attachment 236260 [details]
vuxml.diff

vuxml: CVE-2022-31176 - Unauthorized file disclosure

Comment 3 commit-hook freebsd_committer

2022-09-01 12:01:42 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6d1286b01d0f921696bf1759af0a6a50d4bdd0c8

commit 6d1286b01d0f921696bf1759af0a6a50d4bdd0c8
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2022-09-01 11:58:35 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-09-01 12:00:55 +0000

    www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)

     - vuxml: CVE-2022-31176 - Unauthorized file disclosure

    PR:             266128
    MFH:            2022Q3
    Security:       827b95ff-290e-11ed-a2e7-6c3be5272acd

 www/grafana8/Makefile         |  4 +--
 www/grafana8/Makefile.modules | 30 +++++++++++-----------
 www/grafana8/distinfo         | 58 +++++++++++++++++++++----------------------
 www/grafana9/Makefile         |  6 ++---
 www/grafana9/distinfo         | 14 +++++------
 www/grafana9/pkg-plist        | 42 ++++++++++++++++---------------
 6 files changed, 77 insertions(+), 77 deletions(-)

Comment 4 commit-hook freebsd_committer

2022-09-01 12:01:43 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4c5b101930584d59822335a4a7cf82ae17096c5a

commit 4c5b101930584d59822335a4a7cf82ae17096c5a
Author:     Nuno Teixeira <eduardo@FreeBSD.org>
AuthorDate: 2022-09-01 09:20:35 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-09-01 12:00:54 +0000

    security/vuxml: Document Grafana vulnerabilities

     - vuxml: CVE-2022-31176 - Unauthorized file disclosure

    PR:             266128

 security/vuxml/vuln-2022.xml | 45 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

Comment 5 commit-hook freebsd_committer

2022-09-01 14:47:09 UTC

A commit in branch 2022Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=93c7ec48ee7d82fa41eb15bf94d42751b004dde2

commit 93c7ec48ee7d82fa41eb15bf94d42751b004dde2
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2022-09-01 11:58:35 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-09-01 14:45:52 +0000

    www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)

     - vuxml: CVE-2022-31176 - Unauthorized file disclosure

    ChangeLog:      https://grafana.com/blog/2022/08/30/security-release-new-versions-of-grafana-and-grafana-image-renderer-with-a-high-severity-security-fix-for-cve-2022-31176/
    PR:             266128
    MFH:            2022Q3
    Security:       827b95ff-290e-11ed-a2e7-6c3be5272acd
    (cherry picked from commit 6d1286b01d0f921696bf1759af0a6a50d4bdd0c8)

 www/grafana8/Makefile         |  4 +--
 www/grafana8/Makefile.modules | 30 +++++++++++-----------
 www/grafana8/distinfo         | 58 +++++++++++++++++++++----------------------
 www/grafana9/Makefile         |  6 ++---
 www/grafana9/distinfo         | 14 +++++------
 www/grafana9/pkg-plist        | 42 ++++++++++++++++---------------
 6 files changed, 77 insertions(+), 77 deletions(-)

Comment 6 Nuno Teixeira freebsd_committer

2022-09-01 14:48:20 UTC

Committed, thanks!