Bug 664830 (CVE-2018-15727) - <www-apps/grafana-bin-5.2.3: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)
Status: RESOLVED FIXED
Alias: CVE-2018-15727
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-29 16:26 UTC by Ferenc Erki
Modified: 2018-09-15 13:54 UTC
CC: 4 users

See Also:
Package list:
Runtime testing required: ---


Description Ferenc Erki 2018-08-29 16:26:11 UTC
www-apps/grafana-bin-5.2.3 has just been released containing an important security fix: https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/

v4.x is not in tree, so I propose bumping the version to 5.2.3 and removing the old ones. I'll send a pull request about it, but feel free to do it if someone's faster.

Special thanks to Torkel Ödegaard (grafana author) for the extra ping about it!
Comment 1 Ferenc Erki 2018-08-29 20:16:00 UTC
Looks like Patrick already bumped the version in the tree, so I abandoned and closed my PR, thanks!

Version 5.1.3 might still need removal, just to make sure there's no vulnerable version in portage.
Comment 2 D'juan McDonald (domhnall) 2018-08-31 07:41:37 UTC
Possible to update this alias with CVE-2018-15727 rather than the existing alias due to: http://cve.circl.lu/cve/CVE-2018-558213 ?

Summary:
 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of CVE-2018-15727. Notes: All CVE users should reference CVE-2018-15727 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Gentoo Security Padawan
(domhnall)
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-09-15 13:47:53 UTC
CVE-2018-15727 (https://nvd.nist.gov/vuln/detail/CVE-2018-15727):
  Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows
  authentication bypass because an attacker can generate a valid "remember me"
  cookie knowing only a username of an LDAP or OAuth user.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-15 13:54:17 UTC
Cleanup done via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5aa697e69247aef042662d8c3364675e2c7197b

Repository is clean, all done.