Created attachment 240515
grafana8.patch

Update to 8.5.21

Created attachment 240516
grafana9.patch

Update to 9.3.8

Created attachment 240517
vuxml.patch

vuxml:
* CVE-2023-0507 - Stored XSS in geomap panel plugin via attribution (High)
* CVE-2023-0594 - Stored XSS in TraceView panel (High)
* CVE-2023-22462 - Stored XSS in text panel plugin

https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=462e31c4aa53dd4a69f0c3611daeb689d6096c30

commit 462e31c4aa53dd4a69f0c3611daeb689d6096c30
Author: Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2023-03-03 08:55:37 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-03-03 10:46:53 +0000

    security/vuxml: document grafana{8,9} CVEs

    * CVE-2023-0507 - Stored XSS in geomap panel plugin via attribution (High)
    * CVE-2023-0594 - Stored XSS in TraceView panel (High)
    * CVE-2023-22462 - Stored XSS in text panel plugin

    PR: 269903
    Reported by: drtr0jan@yandex.ru

 security/vuxml/vuln/2023.xml | 126 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5877f73ba26bbcb03700ab3d7d3943e9d0e0f3f3

commit 5877f73ba26bbcb03700ab3d7d3943e9d0e0f3f3
Author: Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2023-03-03 08:49:32 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-03-03 12:05:13 +0000

    www/grafana8: Update to 8.5.21 (Fixes security vulnerabilities)

    ChangeLog: https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/

    PR: 269903
    Reported by: drtr0jan@yandex.ru (maintainer)
    MFH: 2023Q1 (security fix)
    Security: CVE-2023-0594 CVE-2023-0507 CVE-2023-22462

 www/grafana8/Makefile | 7 +++----
 www/grafana8/distinfo | 10 +++++-----
 2 files changed, 8 insertions(+), 9 deletions(-)

A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d5c2f5843729aa128abc9f4a98688a63d89b6762

commit d5c2f5843729aa128abc9f4a98688a63d89b6762
Author: Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2023-03-03 08:49:32 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-03-03 12:09:17 +0000

    www/grafana8: Update to 8.5.21 (Fixes security vulnerabilities)

    ChangeLog: https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/

    PR: 269903
    Reported by: drtr0jan@yandex.ru (maintainer)
    MFH: 2023Q1 (security fix)
    Security: CVE-2023-0594 CVE-2023-0507 CVE-2023-22462

    (cherry picked from commit 5877f73ba26bbcb03700ab3d7d3943e9d0e0f3f3)

 www/grafana8/Makefile | 7 +++----
 www/grafana8/distinfo | 10 +++++-----
 2 files changed, 8 insertions(+), 9 deletions(-)

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f0842e53c88bc6269b2318aa46ba90d02e2dc236

commit f0842e53c88bc6269b2318aa46ba90d02e2dc236
Author: Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2023-03-03 08:53:21 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-03-03 12:10:57 +0000

    www/grafana9: Update to 9.3.8 (Fixes security vulnerabilities)

    ChangeLog: https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/

    PR: 269903
    Reported by: drtr0jan@yandex.ru (maintainer)
    MFH: 2023Q1 (security fix)
    Security: CVE-2023-0594 CVE-2023-0507 CVE-2023-22462

 www/grafana9/Makefile | 8 ++---
 www/grafana9/distinfo | 14 ++++-----
 www/grafana9/pkg-plist | 81 +++++++++++++++++++++++++-------------------------
 3 files changed, 52 insertions(+), 51 deletions(-)

A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ef150bc7260870482ab4087c455a339166ac3c9c

commit ef150bc7260870482ab4087c455a339166ac3c9c
Author: Boris Korzun <drtr0jan@yandex.ru>
AuthorDate: 2023-03-03 08:53:21 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-03-03 12:13:07 +0000

    www/grafana9: Update to 9.3.8 (Fixes security vulnerabilities)

    ChangeLog: https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/

    PR: 269903
    Reported by: drtr0jan@yandex.ru (maintainer)
    MFH: 2023Q1 (security fix)
    Security: CVE-2023-0594 CVE-2023-0507 CVE-2023-22462

    (cherry picked from commit f0842e53c88bc6269b2318aa46ba90d02e2dc236)

 www/grafana9/Makefile | 8 ++---
 www/grafana9/distinfo | 14 ++++-----
 www/grafana9/pkg-plist | 81 +++++++++++++++++++++++++-------------------------
 3 files changed, 52 insertions(+), 51 deletions(-)

Committed and merged to 2023Q1. Thank you very much for the vuxml entry!