From 521d11f8bb101450ebd83b60e564e9cafb785b91 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 11 2022 18:13:00 +0000 Subject: import grafana-7.5.15-3.el8 --- diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec index 3be15e3..0a96dc0 100644 --- a/SPECS/grafana.spec +++ b/SPECS/grafana.spec @@ -30,7 +30,7 @@ end} Name: grafana Version: 7.5.15 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Metrics dashboard and graph editor License: ASL 2.0 URL: https://grafana.org @@ -973,6 +973,17 @@ OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryptio %changelog +* Wed Aug 10 2022 Andreas Gerstmayr 7.5.15-3 +- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions +- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header +- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working +- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read +- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob +- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob +- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode +- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip +- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal + * Wed Jul 20 2022 Andreas Gerstmayr 7.5.15-2 - resolve CVE-2022-31107 grafana: OAuth account takeover