ID | 26902 |
Package Name | grafana |
Version | 9.0.9 |
Release | 3.el9_2 |
Epoch | |
Draft | False |
Source | git+https://git.cclinux.org/stage/rpms/grafana.git#38e6862a24e97feed2d3721e0f4c285a8a5b7554 |
Summary |
Description |
Built by | distrobuild |
State |
complete
|
Volume |
DEFAULT |
Started | Thu, 13 Jul 2023 20:22:39 CST |
Completed | Thu, 13 Jul 2023 20:45:29 CST |
Task | build (dist-circle9_2-updates, /stage/rpms/grafana.git:38e6862a24e97feed2d3721e0f4c285a8a5b7554) |
Extra | {'source': {'original_url': 'git+https://git.cclinux.org/stage/rpms/grafana.git?#38e6862a24e97feed2d3721e0f4c285a8a5b7554'}} |
Tags |
|
RPMs |
src | |
|
grafana-9.0.9-3.el9_2.src.rpm (info) (download) |
aarch64 |
|
grafana-9.0.9-3.el9_2.aarch64.rpm (info) (download)
|
|
grafana-debuginfo-9.0.9-3.el9_2.aarch64.rpm (info) (download)
|
|
grafana-debugsource-9.0.9-3.el9_2.aarch64.rpm (info) (download)
|
ppc64le |
|
grafana-9.0.9-3.el9_2.ppc64le.rpm (info) (download)
|
|
grafana-debuginfo-9.0.9-3.el9_2.ppc64le.rpm (info) (download)
|
|
grafana-debugsource-9.0.9-3.el9_2.ppc64le.rpm (info) (download)
|
s390x |
|
grafana-9.0.9-3.el9_2.s390x.rpm (info) (download)
|
|
grafana-debuginfo-9.0.9-3.el9_2.s390x.rpm (info) (download)
|
|
grafana-debugsource-9.0.9-3.el9_2.s390x.rpm (info) (download)
|
x86_64 |
|
grafana-9.0.9-3.el9_2.x86_64.rpm (info) (download)
|
|
grafana-debuginfo-9.0.9-3.el9_2.x86_64.rpm (info) (download)
|
|
grafana-debugsource-9.0.9-3.el9_2.x86_64.rpm (info) (download)
|
|
Logs |
|
Changelog |
* Wed Jun 28 2023 Stan Cox <scox@redhat.com> 9.0.9-3
- resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations
* Tue Nov 01 2022 Stan Cox <scox@redhat.com> 9.0.9-2
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws
* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)
* Tue Sep 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-2
- bump NVR
* Thu Sep 15 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-1
- update to 9.0.8 tagged upstream community sources, see CHANGELOG
- do not list /usr/share/grafana/conf twice
- drop makefile in favor of create_bundles.sh script
- sync provides/obsoletes with CentOS versions
- drop husky patch
* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
* Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
- resolve CVE-2022-31107 grafana: OAuth account takeover
* Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1
- update to 7.5.15 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
- resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
- resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
- resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
- resolve CVE-2021-23648 sanitize-url: XSS
- resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- declare Node.js dependencies of subpackages
- make vendor and webpack tarballs reproducible
* Tue Jan 18 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-3
- use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
- update FIPS tests in check phase
* Thu Dec 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-2
- resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
- resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files
* Mon Oct 11 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-1
- update to 7.5.11 tagged upstream community sources, see CHANGELOG
- resolve CVE-2021-39226
* Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1
- update to 7.5.10 tagged upstream community sources, see CHANGELOG
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.9-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Jul 08 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-2
- remove unused dependency property-information
- always include FIPS patch in SRPM
|