From 339b713f9f816fddeae63f4fe88ea64a3b4a84ac Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Thu, 11 Aug 2022 18:13:00 +0000
Subject: [PATCH] import grafana-7.5.15-3.el8

---
 SPECS/grafana.spec | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec
index 3be15e3..0a96dc0 100644
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@@ -30,7 +30,7 @@ end}
 
 Name:             grafana
 Version:          7.5.15
-Release:          2%{?dist}
+Release:          3%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          ASL 2.0
 URL:              https://grafana.org
@@ -973,6 +973,17 @@ OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryptio
 
 
 %changelog
+* Wed Aug 10 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
+- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
+- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
+- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
+- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
+- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
+- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
+- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
+- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
+- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
+
 * Wed Jul 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
 - resolve CVE-2022-31107 grafana: OAuth account takeover