| ID | 31546 |
| Package Name | grafana |
| Version | 9.2.10 |
| Release | 16.el9_4 |
| Epoch | |
Draft | False |
| Source | git+https://git.cclinux.org/stage/rpms/grafana.git#6f97c7b6ba7d4a2623f0a099b84a901498ba2d6c |
| Summary |
| Description |
| Built by | distrobuild |
| State |
complete
|
| Volume |
DEFAULT |
| Started | Mon, 25 Nov 2024 11:41:29 CST |
| Completed | Mon, 25 Nov 2024 11:51:51 CST |
| Task | build (dist-circle9_4-updates, /stage/rpms/grafana.git:6f97c7b6ba7d4a2623f0a099b84a901498ba2d6c) |
| Extra | {'source': {'original_url': 'git+https://git.cclinux.org/stage/rpms/grafana.git?#6f97c7b6ba7d4a2623f0a099b84a901498ba2d6c'}} |
| Tags |
|
| RPMs |
| src | |
|---|
|
grafana-9.2.10-16.el9_4.src.rpm (info) (download) |
| aarch64 |
|
grafana-9.2.10-16.el9_4.aarch64.rpm (info) (download)
|
|
grafana-selinux-9.2.10-16.el9_4.aarch64.rpm (info) (download)
|
|
grafana-debuginfo-9.2.10-16.el9_4.aarch64.rpm (info) (download)
|
|
grafana-debugsource-9.2.10-16.el9_4.aarch64.rpm (info) (download)
|
| ppc64le |
|
grafana-9.2.10-16.el9_4.ppc64le.rpm (info) (download)
|
|
grafana-selinux-9.2.10-16.el9_4.ppc64le.rpm (info) (download)
|
|
grafana-debuginfo-9.2.10-16.el9_4.ppc64le.rpm (info) (download)
|
|
grafana-debugsource-9.2.10-16.el9_4.ppc64le.rpm (info) (download)
|
| x86_64 |
|
grafana-9.2.10-16.el9_4.x86_64.rpm (info) (download)
|
|
grafana-selinux-9.2.10-16.el9_4.x86_64.rpm (info) (download)
|
|
grafana-debuginfo-9.2.10-16.el9_4.x86_64.rpm (info) (download)
|
|
grafana-debugsource-9.2.10-16.el9_4.x86_64.rpm (info) (download)
|
|
| Logs |
|
| Changelog |
* Tue Apr 16 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-16
- Check OrdID is correct before deleting snapshot
- fix CVE-2024-1313
- fix CVE-2024-1394
* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15
- Resolves RHEL-23468
- Allows for gid to be 0
- Allows for postgreSQL datasource in selinux policy
* Tue Dec 19 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
- Fixes postgresql AVC denial
- Related RHEL-7505
* Thu Dec 14 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13
- Resolves RHEL-19296
- Fixes coredump issue introduced by selinux
- Patches out call to panic when trying to walk "/" directory
* Thu Nov 30 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12
- Resolves RHEL-7505
- Fixes additional selinux denials found when testing on certain architectures
* Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11
- Resolves RHEL-7505
- Fixes selinux denials found when testing on certain architectures
* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-10
- Resolves RHEL-7505
- Adds a selinux policy for grafana
- Resolves RHEL-12666
- fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work
* Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5
- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth
* Thu Jun 08 2023 Stan Cox <scox@redhat.com> 9.2.10-3
- bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests, License AGPL-3.0-only.
* Mon May 15 2023 Stan Cox <scox@redhat.com> 9.2.10-2
- Update to 9.2.10
* Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1
- Update to 9.2.10
* Tue Nov 01 2022 Stan Cox <scox@redhat.com> 9.0.9-2
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws
* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)
* Tue Sep 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-2
- bump NVR
* Thu Sep 15 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-1
- update to 9.0.8 tagged upstream community sources, see CHANGELOG
- do not list /usr/share/grafana/conf twice
- drop makefile in favor of create_bundles.sh script
- sync provides/obsoletes with CentOS versions
- drop husky patch
* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
* Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
- resolve CVE-2022-31107 grafana: OAuth account takeover
* Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1
- update to 7.5.15 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
- resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
- resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
- resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
- resolve CVE-2021-23648 sanitize-url: XSS
- resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- declare Node.js dependencies of subpackages
- make vendor and webpack tarballs reproducible
|
