[Bug 266535] www/grafana7: Deprecate and remove port

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266535] www/grafana7: Deprecate and remove port"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 21 Sep 2022 14:50:43 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266535

            Bug ID: 266535
           Summary: www/grafana7: Deprecate and remove port
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: drtr0jan@yandex.ru
                CC: robsonmantovani@gmail.com
                CC: robsonmantovani@gmail.com
             Flags: maintainer-feedback?(robsonmantovani@gmail.com)
 Attachment #236733 maintainer-approval?(robsonmantovani@gmail.com)
             Flags:
             Flags: maintainer-feedback?(robsonmantovani@gmail.com)

Created attachment 236733
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=236733&action=edit
grafana7.diff

There're at least three vulnerabilities (two critical and one moderate) in the
port. There aren't fixes by upsream. Last version (7.5.16) has been released on
on May 19, 2022. Current port version (7.5.15) has been released on Jan 25,
2022.

I think the port should be marked as deprecated.

Details:
- 7.x branch is deprecated upstream
- Has unfixed vulnerabilities
- grafana8 and grafana9 are available as replacements
- no consumers of grafana7 in the ports tree

Security:
CVE-2022-31107
CVE-2022-31176
CVE-2022-35957

-- 
You are receiving this mail because:
You are the assignee for the bug.