Created attachment 239993 [details] Update to 9.3.6
Created attachment 239994 [details] grafana8.patch Update to 8.5.20
Created attachment 239995 [details] vuxml.patch vuxml: * CVE-2022-39324 - Spoofing originalUrl of snapshots * CVE-2022-23552 - Stored XSS in ResourcePicker component
Thanks for the vuxml entry!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=71bbafdbe0f5df8c36aeade818e1375891644cf3 commit 71bbafdbe0f5df8c36aeade818e1375891644cf3 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-02-08 15:30:03 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-02-09 09:54:24 +0000 www/grafana8: Update to 8.5.20 (Fixes security vulnerabilities) ChangeLog: https://grafana.com/docs/grafana/latest/whatsnew/ Fixes: * Spoofing originalUrl of snapshots * Stored XSS in ResourcePicker component PR: 269409 Reported by: drtr0jan@yandex.ru (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-23552 CVE-2022-39324 www/grafana8/Makefile | 7 +++---- www/grafana8/Makefile.modules | 6 +++--- www/grafana8/distinfo | 22 +++++++++++----------- www/grafana8/pkg-plist | 7 ++++--- 4 files changed, 21 insertions(+), 21 deletions(-)
A commit in branch 2023Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=140fd130c501621093b2d200c08dadb1041a60ad commit 140fd130c501621093b2d200c08dadb1041a60ad Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-02-08 15:30:03 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-02-09 09:56:36 +0000 www/grafana8: Update to 8.5.20 (Fixes security vulnerabilities) ChangeLog: https://grafana.com/docs/grafana/latest/whatsnew/ Fixes: * Spoofing originalUrl of snapshots * Stored XSS in ResourcePicker component PR: 269409 Reported by: drtr0jan@yandex.ru (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-23552 CVE-2022-39324 (cherry picked from commit 71bbafdbe0f5df8c36aeade818e1375891644cf3) www/grafana8/Makefile | 7 +++---- www/grafana8/Makefile.modules | 6 +++--- www/grafana8/distinfo | 22 +++++++++++----------- www/grafana8/pkg-plist | 7 ++++--- 4 files changed, 21 insertions(+), 21 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=89532dedc2621b43db1d22dcf886954f042a09db commit 89532dedc2621b43db1d22dcf886954f042a09db Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-02-08 15:34:51 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-02-09 09:57:59 +0000 www/grafana9: Update to 9.3.6 (Fixes security vulnerabilities) ChangeLog: https://grafana.com/docs/grafana/latest/whatsnew/ Fixes: * Spoofing originalUrl of snapshots * Stored XSS in ResourcePicker component PR: 269409 Reported by: drtr0jan@yandex.ru (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-23552 CVE-2022-39324 www/grafana9/Makefile | 5 +- www/grafana9/distinfo | 14 ++-- www/grafana9/pkg-plist | 214 +++++++++++++++++++++++++------------------------ 3 files changed, 120 insertions(+), 113 deletions(-)
A commit in branch 2023Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=77f6298f11b1b13db1c410fb7b6dfa194e8b3f03 commit 77f6298f11b1b13db1c410fb7b6dfa194e8b3f03 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-02-08 15:34:51 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-02-09 09:59:54 +0000 www/grafana9: Update to 9.3.6 (Fixes security vulnerabilities) ChangeLog: https://grafana.com/docs/grafana/latest/whatsnew/ Fixes: * Spoofing originalUrl of snapshots * Stored XSS in ResourcePicker component PR: 269409 Reported by: drtr0jan@yandex.ru (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-23552 CVE-2022-39324 (cherry picked from commit 89532dedc2621b43db1d22dcf886954f042a09db) www/grafana9/Makefile | 4 +- www/grafana9/distinfo | 14 ++-- www/grafana9/pkg-plist | 214 +++++++++++++++++++++++++------------------------ 3 files changed, 120 insertions(+), 112 deletions(-)
Committed and merged to 2023Q1, Thanks!