Created attachment 236726 [details] grafana8.diff
Created attachment 236727 [details] grafana9.diff Update to 9.1.6
Created attachment 236728 [details] vuxml.diff vuxml: CVE-2022-35957 - Auth proxy privilege escalation Don't add CVE-2022-36062 as not affected Grafana OSS.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=bc946e35d0f203eda145e604bbb27f04f849d4b7 commit bc946e35d0f203eda145e604bbb27f04f849d4b7 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-09-21 14:21:45 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-09-21 14:25:34 +0000 www/grafana{8,9}: Update to 8.5.13 and 9.1.6 (Fixes security vulnerability) - CVE-2022-35957 - Auth proxy privilege escalation ChangeLog: https://grafana.com/blog/2022/09/20/grafana-security-releases-new-versions-with-moderate-severity-security-fixes-for-cve-2022-35957-and-cve-2022-36062/ PR: 266530 MFH: 2022Q3 Security: 95e6e6ca-3986-11ed-8e0c-6c3be5272acd www/grafana8/Makefile | 7 ++-- www/grafana8/distinfo | 10 ++--- www/grafana8/pkg-plist | 6 +-- www/grafana9/Makefile | 4 +- www/grafana9/distinfo | 14 +++---- www/grafana9/pkg-plist | 110 ++++++++++++++++++++++++++++--------------------- 6 files changed, 83 insertions(+), 68 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=4247712f26814baeba8bb8d89a8aa29357128e93 commit 4247712f26814baeba8bb8d89a8aa29357128e93 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-09-21 11:55:52 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-09-21 14:25:34 +0000 security/vuxml: Document Grafana vulnerabilies PR: 266530 security/vuxml/vuln-2022.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+)
A commit in branch 2022Q3 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=b43020f0a1544f7ea30363eb1f3d71f4dd01de11 commit b43020f0a1544f7ea30363eb1f3d71f4dd01de11 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-09-21 14:21:45 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-09-21 14:39:03 +0000 www/grafana{8,9}: Update to 8.5.13 and 9.1.6 (Fixes security vulnerability) - CVE-2022-35957 - Auth proxy privilege escalation ChangeLog: https://grafana.com/blog/2022/09/20/grafana-security-releases-new-versions-with-moderate-severity-security-fixes-for-cve-2022-35957-and-cve-2022-36062/ PR: 266530 MFH: 2022Q3 Security: 95e6e6ca-3986-11ed-8e0c-6c3be5272acd (cherry picked from commit bc946e35d0f203eda145e604bbb27f04f849d4b7) www/grafana8/Makefile | 6 +-- www/grafana8/distinfo | 10 ++--- www/grafana8/pkg-plist | 6 +-- www/grafana9/Makefile | 4 +- www/grafana9/distinfo | 14 +++---- www/grafana9/pkg-plist | 110 ++++++++++++++++++++++++++++--------------------- 6 files changed, 83 insertions(+), 67 deletions(-)
Committed, thanks!