Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 846473 (CVE-2022-29170) - <www-apps/grafana-bin-{7.5.16,8.5.3}: redirect vulnerability
Summary: <www-apps/grafana-bin-{7.5.16,8.5.3}: redirect vulnerability
Status: RESOLVED FIXED
Alias: CVE-2022-29170
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-05-19 17:14 UTC by John Helmert III
Modified: 2022-05-19 18:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-19 17:14:29 UTC 
"- **Security:** fixes CVE-2022-29170. [#49240](https://github.com/grafana/grafana/pull/49240), [@xlson](https://github.com/xlson)"

Please bump to 7.5.16 and 8.5.3:

https://github.com/grafana/grafana/releases/tag/v7.5.16
https://github.com/grafana/grafana/releases/tag/v8.5.3
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-19 17:17:10 UTC 
No details, but the patches create new middleware related to redirects.
Comment 2 Larry the Git Cow gentoo-dev 2022-05-19 18:32:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a016ab193bcedf1a878dfad8cdcf83b13eae2df2

commit a016ab193bcedf1a878dfad8cdcf83b13eae2df2
Author:     Patrick Lauer <patrick@gentoo.org>
AuthorDate: 2022-05-19 18:32:22 +0000
Commit:     Patrick Lauer <patrick@gentoo.org>
CommitDate: 2022-05-19 18:32:30 +0000

    www-apps/grafana-bin: Bump to 7.5.16 8.5.3
    
    Bug: https://bugs.gentoo.org/846473
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Patrick Lauer <patrick@gentoo.org>

 www-apps/grafana-bin/Manifest                      |  8 +--
 ...bin-7.5.15.ebuild => grafana-bin-7.5.16.ebuild} |  0
 www-apps/grafana-bin/grafana-bin-8.3.7.ebuild      | 64 ----------------------
 www-apps/grafana-bin/grafana-bin-8.4.4.ebuild      | 64 ----------------------
 www-apps/grafana-bin/grafana-bin-8.4.7.ebuild      | 64 ----------------------
 www-apps/grafana-bin/grafana-bin-8.5.2.ebuild      | 64 ----------------------
 ...a-bin-8.3.5.ebuild => grafana-bin-8.5.3.ebuild} |  0
 7 files changed, 2 insertions(+), 262 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-19 18:37:04 UTC 
Thanks, all done.