| Summary: | <www-apps/grafana-bin-7.1.3: XSS via the OpenTSDB datasource (CVE-2020-13430) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | ajak, dan, patrick |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/grafana/grafana/pull/24539 | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=751727 | ||
| Whiteboard: | ~4 [noglsa cve] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Sam James
2020-05-24 18:54:09 UTC
May be backported to 6.7.x as per PR? (In reply to Sam James from comment #1) > May be backported to 6.7.x as per PR? No. https://github.com/grafana/grafana/pull/24539#issuecomment-658014066: @rotemreiss @pyogesh2 From what I hear, we only backport critical security fixes, and recommend instead upgrading to v7 for this one. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77439a6401a71baa4f5531618182b52947c13708 commit 77439a6401a71baa4f5531618182b52947c13708 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-08-20 00:02:59 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-08-20 00:03:13 +0000 www-apps/grafana-bin: bump to v7.1.3 Closes: https://bugs.gentoo.org/701238 Closes: https://bugs.gentoo.org/730336 Bug: https://bugs.gentoo.org/725110 Bug: https://bugs.gentoo.org/726946 Package-Manager: Portage-3.0.3, Repoman-3.0.0 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-apps/grafana-bin/grafana-bin-7.1.3.ebuild | 35 +++++++++++---------------- 1 file changed, 14 insertions(+), 21 deletions(-) Thanks for bump. Please cleanup <7.1.3. Repository is clean, all done! |