Bug 266128

Summary: www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)
Product: Ports & Packages
Reporter: Boris Korzun <drtr0jan>
Component: Individual Port(s)
Assignee: Nuno Teixeira <eduardo>
Status: Closed FIXED
Severity: Affects Some People
CC: eduardo, ports-secteam
Priority: ---
Keywords: security
Version: Latest
Flags: drtr0jan: maintainer-feedback+, eduardo: merge-quarterly+
Hardware: Any
OS: Any
URL: https://grafana.com/blog/2022/08/30/security-release-new-versions-of-grafana-and-grafana-image-renderer-with-a-high-severity-security-fix-for-cve-2022-31176/
Attachments:
Description      Flags
grafana8.diff    drtr0jan: maintainer-approval+
grafana9.diff    drtr0jan: maintainer-approval+
vuxml.diff       eduardo: maintainer-approval+

Description Boris Korzun 2022-08-31 11:10:14 UTC
Created attachment 236258
grafana8.diff

Update to 8.5.11

Comment 1 Boris Korzun 2022-08-31 11:10:48 UTC
Created attachment 236259
grafana9.diff

Update to 9.1.2

Comment 2 Boris Korzun 2022-08-31 11:13:46 UTC
Created attachment 236260
vuxml.diff

vuxml: CVE-2022-31176 - Unauthorized file disclosure

Comment 3 commit-hook freebsd_committer freebsd_triage 2022-09-01 12:01:42 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6d1286b01d0f921696bf1759af0a6a50d4bdd0c8

commit 6d1286b01d0f921696bf1759af0a6a50d4bdd0c8
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2022-09-01 11:58:35 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-09-01 12:00:55 +0000

    www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)

     - vuxml: CVE-2022-31176 - Unauthorized file disclosure

    PR:             266128
    MFH:            2022Q3
    Security:       827b95ff-290e-11ed-a2e7-6c3be5272acd

 www/grafana8/Makefile         |  4 +--
 www/grafana8/Makefile.modules | 30 +++++++++++-----------
 www/grafana8/distinfo         | 58 +++++++++++++++++++++----------------------
 www/grafana9/Makefile         |  6 ++---
 www/grafana9/distinfo         | 14 +++++------
 www/grafana9/pkg-plist        | 42 ++++++++++++++++---------------
 6 files changed, 77 insertions(+), 77 deletions(-)

Comment 4 commit-hook freebsd_committer freebsd_triage 2022-09-01 12:01:43 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4c5b101930584d59822335a4a7cf82ae17096c5a

commit 4c5b101930584d59822335a4a7cf82ae17096c5a
Author:     Nuno Teixeira <eduardo@FreeBSD.org>
AuthorDate: 2022-09-01 09:20:35 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-09-01 12:00:54 +0000

    security/vuxml: Document Grafana vulnerabilities

     - vuxml: CVE-2022-31176 - Unauthorized file disclosure

    PR:             266128

 security/vuxml/vuln-2022.xml | 45 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

Comment 5 commit-hook freebsd_committer freebsd_triage 2022-09-01 14:47:09 UTC
A commit in branch 2022Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=93c7ec48ee7d82fa41eb15bf94d42751b004dde2

commit 93c7ec48ee7d82fa41eb15bf94d42751b004dde2
Author:     Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2022-09-01 11:58:35 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-09-01 14:45:52 +0000

    www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)

     - vuxml: CVE-2022-31176 - Unauthorized file disclosure

    ChangeLog:      https://grafana.com/blog/2022/08/30/security-release-new-versions-of-grafana-and-grafana-image-renderer-with-a-high-severity-security-fix-for-cve-2022-31176/
    PR:             266128
    MFH:            2022Q3
    Security:       827b95ff-290e-11ed-a2e7-6c3be5272acd
    (cherry picked from commit 6d1286b01d0f921696bf1759af0a6a50d4bdd0c8)

 www/grafana8/Makefile         |  4 +--
 www/grafana8/Makefile.modules | 30 +++++++++++-----------
 www/grafana8/distinfo         | 58 +++++++++++++++++++++----------------------
 www/grafana9/Makefile         |  6 ++---
 www/grafana9/distinfo         | 14 +++++------
 www/grafana9/pkg-plist        | 42 ++++++++++++++++---------------
 6 files changed, 77 insertions(+), 77 deletions(-)

Comment 6 Nuno Teixeira freebsd_committer freebsd_triage 2022-09-01 14:48:20 UTC
Committed, thanks!