Created attachment 242951 [details] grafana8.patch Update to 8.5.27. Also set as deprecated after Grafana 10 released.
Created attachment 242952 [details] grafana9.patch Update to 9.5.5
Created attachment 242953 [details] vuxml.patch vuxml: * CVE-2023-3128 - Account takeover / authentication bypass ( https://grafana.com/security/security-advisories/cve-2023-3128 )
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=d86981321af78b575014891963f626fdca082ebf commit d86981321af78b575014891963f626fdca082ebf Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-06-25 07:15:16 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2023-06-25 07:23:15 +0000 www/grafana9: Update to 9.5.5 ChangeLog: https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/ PR: 272161 MFH: 2023Q2 Security: fdbe9aec-118b-11ee-908a-6c3be5272acd www/grafana9/Makefile | 4 ++-- www/grafana9/distinfo | 14 +++++++------- www/grafana9/pkg-plist | 22 ++++++++++++---------- 3 files changed, 21 insertions(+), 19 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=60127f6f4070d26b04328caf56ace7f0f2ca82a9 commit 60127f6f4070d26b04328caf56ace7f0f2ca82a9 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-06-24 22:52:55 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2023-06-25 07:23:15 +0000 security/vuxml: Add www/grafana{8,9} vulnerabilities * CVE-2023-3128 - Account takeover / authentication bypass ( https://grafana.com/security/security-advisories/cve-2023-3128 ) PR: 272161 security/vuxml/vuln/2023.xml | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=86d7d344b5e08dc28360f56dbce86354bcbfac82 commit 86d7d344b5e08dc28360f56dbce86354bcbfac82 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-06-25 07:20:20 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2023-06-25 07:23:16 +0000 www/grafana8: Update to 8.5.27 - Set as deprecated after Grafana 10 released. ChangeLog: https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/ PR: 272161 MFH: 2023Q2 Security: fdbe9aec-118b-11ee-908a-6c3be5272acd www/grafana8/Makefile | 7 +++++-- www/grafana8/distinfo | 10 +++++----- 2 files changed, 10 insertions(+), 7 deletions(-)
A commit in branch 2023Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=ef95161b3d1eaf5745e4c6400beec8dd71b06c40 commit ef95161b3d1eaf5745e4c6400beec8dd71b06c40 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-06-25 07:15:16 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2023-06-25 07:26:33 +0000 www/grafana9: Update to 9.5.5 ChangeLog: https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/ PR: 272161 MFH: 2023Q2 Security: fdbe9aec-118b-11ee-908a-6c3be5272acd (cherry picked from commit d86981321af78b575014891963f626fdca082ebf) www/grafana9/Makefile | 4 ++-- www/grafana9/distinfo | 14 +++++++------- www/grafana9/pkg-plist | 22 ++++++++++++---------- 3 files changed, 21 insertions(+), 19 deletions(-)
A commit in branch 2023Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=422a0baba67fbed00c2f10941056f6c10253f9d2 commit 422a0baba67fbed00c2f10941056f6c10253f9d2 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2023-06-25 07:20:20 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2023-06-25 07:25:01 +0000 www/grafana8: Update to 8.5.27 - Set as deprecated after Grafana 10 released. ChangeLog: https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/ PR: 272161 MFH: 2023Q2 Security: fdbe9aec-118b-11ee-908a-6c3be5272acd (cherry picked from commit 86d7d344b5e08dc28360f56dbce86354bcbfac82) www/grafana8/Makefile | 7 +++++-- www/grafana8/distinfo | 10 +++++----- 2 files changed, 10 insertions(+), 7 deletions(-)
Committed, thanks!