Bug 266535
| Summary: | www/grafana7: Deprecate and remove port | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Boris Korzun <drtr0jan> | ||||
| Component: | Individual Port(s) | Assignee: | Fernando Apesteguía <fernape> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Some People | CC: | fernape, robsonmantovani | ||||
| Priority: | --- | Keywords: | security | ||||
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(robsonmantovani) drtr0jan: maintainer-feedback? (robsonmantovani) |
||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
Committed, Thanks! A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=13501dde5481abd54d610c65a37105eb46d61542 commit 13501dde5481abd54d610c65a37105eb46d61542 Author: Boris Korzun <drtr0jan@yandex.ru> AuthorDate: 2022-10-06 05:56:36 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-10-06 16:06:32 +0000 www/grafana7: Deprecate * 7.x branch is deprecated upstream * Has unfixed vulnerabilities * grafana8 and grafana9 are available as replacements * no consumers of grafana7 in the ports tree PR: 266535 Reported by: drtr0jan@yandex.ru Approved by: robsonmantovani@gmail.com (maintainer, timeout > 2 weeks) www/grafana7/Makefile | 3 +++ 1 file changed, 3 insertions(+) |
Created attachment 236733 [details] grafana7.diff There're at least three vulnerabilities (two critical and one moderate) in the port. There aren't fixes by upsream. Last version (7.5.16) has been released on on May 19, 2022. Current port version (7.5.15) has been released on Jan 25, 2022. I think the port should be marked as deprecated. Details: - 7.x branch is deprecated upstream - Has unfixed vulnerabilities - grafana8 and grafana9 are available as replacements - no consumers of grafana7 in the ports tree Security: CVE-2022-31107 CVE-2022-31176 CVE-2022-35957