9.0.3 fixes numerous npm package vulnerabilities (prototype pollution, ReDoS).

Both 8.5.9 and 9.0.3 have fixes for:

"Grafana OAuth account takeover (CVE-2022-31107)
Grafana stored XSS vulnerability (CVE-2022-31097)"

From https://github.com/grafana/grafana/pull/52279.

https://github.com/grafana/grafana/releases/tag/v8.5.9
https://github.com/grafana/grafana/releases/tag/v9.0.3

Please bump.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42da957de1631c4e0ca1f235bc4a7ccd4d8c46f5

commit 42da957de1631c4e0ca1f235bc4a7ccd4d8c46f5
Author: Patrick Lauer <patrick@gentoo.org>
AuthorDate: 2022-08-23 13:51:01 +0000
Commit: Patrick Lauer <patrick@gentoo.org>
CommitDate: 2022-08-23 13:54:53 +0000

    www-apps/grafana-bin: Bump to 8.5.10 9.0.7 9.1.0

    Also remove old

    Bug: https://bugs.gentoo.org/858101
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Patrick Lauer <patrick@gentoo.org>

 www-apps/grafana-bin/Manifest | 7 +--
 ...bin-7.5.16.ebuild => grafana-bin-8.5.10.ebuild} | 0
 www-apps/grafana-bin/grafana-bin-9.0.2.ebuild | 64 ----------------------
 ...a-bin-8.5.3.ebuild => grafana-bin-9.0.7.ebuild} | 0
 ...a-bin-8.5.6.ebuild => grafana-bin-9.1.0.ebuild} | 0
 5 files changed, 3 insertions(+), 68 deletions(-)