rpms
/
grafana
7
0
Fork 0
Code Issues Pull Requests Releases Activity

rebuild to fix various Golang CVEs 

Resolves: #2111747
This commit is contained in:
Andreas Gerstmayr 2022-08-08 13:49:30 +02:00
parent 664c406f53
commit ee4fa8f461
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
grafana.spec
View File

@ -30,7 +30,7 @@ end}
Name: grafana
Version: 7.5.15
Release: 2%{?dist}
Release: 3%{?dist}
Summary: Metrics dashboard and graph editor
License: ASL 2.0
URL: https://grafana.org
@ -973,6 +973,17 @@ OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryptio
%changelog
* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
* Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
- resolve CVE-2022-31107 grafana: OAuth account takeover