Created attachment 238031 [details] grafana8.diff Update to 8.5.15.
Created attachment 238032 [details] grafana9.diff Update to 9.2.4 Changelog: * https://github.com/grafana/grafana/releases/tag/v9.2.2 * https://github.com/grafana/grafana/releases/tag/v9.2.3 * https://github.com/grafana/grafana/releases/tag/v9.2.4
Created attachment 238033 [details] vuxml.diff vuxml: * CVE-2022-31123 - Plugin signature bypass * CVE-2022-31130 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39201 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39229 - Improper authentication * CVE-2022-39306 - Privilege escalation * CVE-2022-39307 - Username enumeration * CVE-2022-39328 - Privilege escalation (Critical) https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/ https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=c01da721e69d9ae724afef61bdb196543c86a461 commit c01da721e69d9ae724afef61bdb196543c86a461 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-11-13 00:12:21 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-11-13 00:18:39 +0000 www/grafana{8,9}: Update to 8.5.15 and 9.2.4 (fixes security vulnerabilities) * CVE-2022-31123 - Plugin signature bypass * CVE-2022-31130 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39201 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39229 - Improper authentication * CVE-2022-39306 - Privilege escalation * CVE-2022-39307 - Username enumeration * CVE-2022-39328 - Privilege escalation (Critical) https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/ https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/ ChangeLog: https://github.com/grafana/grafana/releases/tag/v8.5.15 https://github.com/grafana/grafana/releases/tag/v9.2.2 https://github.com/grafana/grafana/releases/tag/v9.2.3 https://github.com/grafana/grafana/releases/tag/v9.2.4 PR: 267728 MFH: 2022Q4 Security: 0a80f159-629b-11ed-9ca2-6c3be5272acd 6eb6a442-629a-11ed-9ca2-6c3be5272acd db895ed0-6298-11ed-9ca2-6c3be5272acd 4e60d660-6298-11ed-9ca2-6c3be5272acd 6f6c9420-6297-11ed-9ca2-6c3be5272acd 6877e164-6296-11ed-9ca2-6c3be5272acd 909a80ba-6294-11ed-9ca2-6c3be5272acd www/grafana8/Makefile | 7 +- www/grafana8/distinfo | 10 +- www/grafana9/Makefile | 4 +- www/grafana9/distinfo | 14 +-- www/grafana9/pkg-plist | 297 +++++++++++++++++++++++++------------------------ 5 files changed, 169 insertions(+), 163 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=69889d2f8d57226190eebde1f7391bcd1478b760 commit 69889d2f8d57226190eebde1f7391bcd1478b760 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-11-12 21:26:41 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-11-13 00:18:39 +0000 security/vuxml: Document Grafana multiple vulnerabilities * CVE-2022-31123 - Plugin signature bypass * CVE-2022-31130 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39201 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39229 - Improper authentication * CVE-2022-39306 - Privilege escalation * CVE-2022-39307 - Username enumeration * CVE-2022-39328 - Privilege escalation (Critical) https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/ https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/ PR: 267728 security/vuxml/vuln-2022.xml | 297 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 297 insertions(+)
A commit in branch 2022Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=28823d911577732c270db216b8de88e3326727c7 commit 28823d911577732c270db216b8de88e3326727c7 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-11-13 00:12:21 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-11-13 00:48:50 +0000 www/grafana{8,9}: Update to 8.5.15 and 9.2.4 (fixes security vulnerabilities) * CVE-2022-31123 - Plugin signature bypass * CVE-2022-31130 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39201 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39229 - Improper authentication * CVE-2022-39306 - Privilege escalation * CVE-2022-39307 - Username enumeration * CVE-2022-39328 - Privilege escalation (Critical) https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/ https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/ ChangeLog: https://github.com/grafana/grafana/releases/tag/v8.5.15 https://github.com/grafana/grafana/releases/tag/v9.2.2 https://github.com/grafana/grafana/releases/tag/v9.2.3 https://github.com/grafana/grafana/releases/tag/v9.2.4 PR: 267728 MFH: 2022Q4 Security: 0a80f159-629b-11ed-9ca2-6c3be5272acd 6eb6a442-629a-11ed-9ca2-6c3be5272acd db895ed0-6298-11ed-9ca2-6c3be5272acd 4e60d660-6298-11ed-9ca2-6c3be5272acd 6f6c9420-6297-11ed-9ca2-6c3be5272acd 6877e164-6296-11ed-9ca2-6c3be5272acd 909a80ba-6294-11ed-9ca2-6c3be5272acd (cherry picked from commit c01da721e69d9ae724afef61bdb196543c86a461) www/grafana8/Makefile | 7 +- www/grafana8/distinfo | 10 +- www/grafana9/Makefile | 4 +- www/grafana9/distinfo | 14 +-- www/grafana9/pkg-plist | 297 +++++++++++++++++++++++++------------------------ 5 files changed, 169 insertions(+), 163 deletions(-)
Committed, thanks!