Summary: | www/grafana8: Update to 8.1.6 (Fixes critical vulnerability) | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Boris Korzun <drtr0jan> | ||||||||
Component: | Individual Port(s) | Assignee: | Yasuhiro Kimura <yasu> | ||||||||
Status: | Closed FIXED | ||||||||||
Severity: | Affects Some People | CC: | eduardo, ports-secteam, yasu | ||||||||
Priority: | --- | Flags: | yasu:
merge-quarterly+
|
||||||||
Version: | Latest | ||||||||||
Hardware: | Any | ||||||||||
OS: | Any | ||||||||||
URL: | https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/ | ||||||||||
Attachments: |
|
Description
Boris Korzun
2021-10-06 13:04:21 UTC
Created attachment 228479 [details]
vuxml.diff
Created attachment 228488 [details] grafana8.diff Update to 8.1.7. Changelog: * Security: Fixes CVE-2021-39226. For more information, see our blog ( https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/ ) * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. Ping Take. A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=725c5eb1df6a47cad84a95b05ee2460868a93096 commit 725c5eb1df6a47cad84a95b05ee2460868a93096 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2021-10-27 08:30:01 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2021-10-27 09:01:29 +0000 www/grafana8: Update to 8.1.6 ReleaseNotes: https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/ PR: 258962 Security: CVE-2021-39226 www/grafana8/Makefile | 13 ++++++------- www/grafana8/Makefile.modules | 3 ++- www/grafana8/distinfo | 16 +++++++++------- 3 files changed, 17 insertions(+), 15 deletions(-) A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=e2ee21b6d9e95f4daacef5b04106bfda93897e0f commit e2ee21b6d9e95f4daacef5b04106bfda93897e0f Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2021-10-26 10:29:22 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2021-10-27 09:01:21 +0000 security/vuxml: Document snapshot authentication bypass vulnerability in Grafana PR: 258962 Differential Revision: https://reviews.freebsd.org/D32667 security/vuxml/vuln-2021.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) A commit in branch 2021Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=6d7306b058583f4b39036c9c2c5c73f2297318bb commit 6d7306b058583f4b39036c9c2c5c73f2297318bb Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2021-10-27 08:30:01 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2021-10-27 09:07:44 +0000 www/grafana8: Update to 8.1.6 ReleaseNotes: https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/ PR: 258962 Security: CVE-2021-39226 (cherry picked from commit 725c5eb1df6a47cad84a95b05ee2460868a93096) www/grafana8/Makefile | 13 ++++++------- www/grafana8/Makefile.modules | 3 ++- www/grafana8/distinfo | 16 +++++++++------- 3 files changed, 17 insertions(+), 15 deletions(-) Comitted and merged to quarterly branch. Thanks! |