Date: Wed, 21 Sep 2022 14:50:43 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 266535] www/grafana7: Deprecate and remove port Message-ID: <bug-266535-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D266535 Bug ID: 266535 Summary: www/grafana7: Deprecate and remove port Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: security Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: drtr0jan@yandex.ru CC: robsonmantovani@gmail.com CC: robsonmantovani@gmail.com Flags: maintainer-feedback?(robsonmantovani@gmail.com) Attachment #236733 maintainer-approval?(robsonmantovani@gmail.com) Flags: Flags: maintainer-feedback?(robsonmantovani@gmail.com) Created attachment 236733 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D236733&action= =3Dedit grafana7.diff There're at least three vulnerabilities (two critical and one moderate) in = the port. There aren't fixes by upsream. Last version (7.5.16) has been release= d on on May 19, 2022. Current port version (7.5.15) has been released on Jan 25, 2022. I think the port should be marked as deprecated. Details: - 7.x branch is deprecated upstream - Has unfixed vulnerabilities - grafana8 and grafana9 are available as replacements - no consumers of grafana7 in the ports tree Security: CVE-2022-31107 CVE-2022-31176 CVE-2022-35957 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-266535-7788>