Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: grafana-selinux | Distribution: CentOS |
Version: 9.2.10 | Vendor: CentOS |
Release: 11.el9 | Build date: Tue Nov 21 16:01:00 2023 |
Group: Unspecified | Build host: s390-02.stream.rdu2.redhat.com |
Size: 477987 | Source RPM: grafana-9.2.10-11.el9.src.rpm |
Packager: builder@centos.org | |
Url: https://grafana.org | |
Summary: SELinux policy module supporting grafana |
SELinux policy module supporting grafana
AGPL-3.0-only
* Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11 - Resolves RHEL-7505 - Fixes selinux denials found when testing on certain architectures * Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-10 - Resolves RHEL-7505 - Adds a selinux policy for grafana - Resolves RHEL-12666 - fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work * Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5 - resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth * Thu Jun 08 2023 Stan Cox <scox@redhat.com> 9.2.10-3 - bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests, License AGPL-3.0-only. * Mon May 15 2023 Stan Cox <scox@redhat.com> 9.2.10-2 - Update to 9.2.10 * Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1 - Update to 9.2.10 * Tue Nov 01 2022 Stan Cox <scox@redhat.com> 9.0.9-2 - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws * Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1 - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530) * Tue Sep 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-2 - bump NVR * Thu Sep 15 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-1 - update to 9.0.8 tagged upstream community sources, see CHANGELOG - do not list /usr/share/grafana/conf twice - drop makefile in favor of create_bundles.sh script - sync provides/obsoletes with CentOS versions - drop husky patch * Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3 - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal * Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2 - resolve CVE-2022-31107 grafana: OAuth account takeover * Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1 - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible * Tue Jan 18 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-3 - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens - update FIPS tests in check phase * Thu Dec 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-2 - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files
/usr/share/doc/grafana-selinux /usr/share/doc/grafana-selinux/grafana.fc /usr/share/doc/grafana-selinux/grafana.if /usr/share/doc/grafana-selinux/grafana.pp.mls /usr/share/doc/grafana-selinux/grafana.pp.targeted /usr/share/doc/grafana-selinux/grafana.te /usr/share/selinux/mls/grafana.pp /usr/share/selinux/targeted/grafana.pp
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jun 9 16:30:50 2024