Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package grafana for openSUSE:Factory checked in at 2026-06-02 16:09:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grafana (Old)
 and      /work/SRC/openSUSE:Factory/.grafana.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grafana" Tue Jun 2 16:09:44 2026 rev:86 rq:1356705 version:11.6.14+security04 Changes: -------- --- /work/SRC/openSUSE:Factory/grafana/grafana.changes 2026-06-01 18:07:56.760109501 +0200 +++ /work/SRC/openSUSE:Factory/.grafana.new.1937/grafana.changes 2026-06-02 16:11:13.736051300 +0200 @@ -1,0 +2,27 @@ +Tue Jun 2 10:30:52 UTC 2026 - Witek Bedyk <[email protected]> + +- Update to version 11.6.14+security-04: + Security: + * CVE-2026-28374: Fix insecure direct object reference in + Annotations API (bsc#1265290) + * CVE-2026-28376: Fix unbounded memory allocation in Grafana Live + push endpoint (bsc#1265289) + * CVE-2026-28383: Fix unbounded memory allocation in Grafana + plugin resources (bsc#1265286) + * CVE-2026-28380: Fix broken access control in Snapshot API + (bsc#1265287) + * CVE-2026-33376: Fix Auth Proxy IPv6 whitelist bypass + (bsc#1265285) + * CVE-2026-28379: Fix viewer-triggered race condition in + Grafana Live (bsc#1265288) + * CVE-2026-33377: Fix dashboard Editor Privilege Escalation + (bsc#1265284) + * CVE-2026-33378: Fix OOM exception in Grafana Data Source Plugin + (bsc#1265283) + * CVE-2026-33381: Prevent users from generating Service Account + tokens after permissions removal (bsc#1265281) + * CVE-2026-33380: Fix vulnerability in SQL Expressions allowing + an authenticated attacker to read arbitrary files from the + Grafana server’s filesystem (bsc#1265282) + +------------------------------------------------------------------- Old: ---- grafana-11.6.14+security01.tar.gz New: ---- grafana-11.6.14+security04.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ grafana.spec ++++++ --- /var/tmp/diff_new_pack.WRY3Bb/_old 2026-06-02 16:11:19.532288107 +0200 +++ /var/tmp/diff_new_pack.WRY3Bb/_new 2026-06-02 16:11:19.548288761 +0200 
@@ -22,7 +22,7 @@ %endif Name: grafana -Version: 11.6.14+security01 +Version: 11.6.14+security04 Release: 0 Summary: The open-source platform for monitoring and observability License: AGPL-3.0-only ++++++ _service ++++++ --- /var/tmp/diff_new_pack.WRY3Bb/_old 2026-06-02 16:11:20.496327492 +0200 +++ /var/tmp/diff_new_pack.WRY3Bb/_new 2026-06-02 16:11:20.552329780 +0200 @@ -6,7 +6,7 @@ <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)-(.*)</param> <param name="versionrewrite-replacement">\1\2</param> - <param name="revision">v11.6.14+security-01</param> + <param name="revision">v11.6.14+security-04</param> </service> <service name="recompress" mode="manual"> <param name="compression">gz</param> @@ -14,7 +14,7 @@ </service> <service name="set_version" mode="manual"> <param name="basename">grafana</param> - <param name="version">11.6.14+security01</param> + <param name="version">11.6.14+security04</param> </service> </services> ++++++ grafana-11.6.14+security01.tar.gz -> grafana-11.6.14+security04.tar.gz ++++++ /work/SRC/openSUSE:Factory/grafana/grafana-11.6.14+security01.tar.gz /work/SRC/openSUSE:Factory/.grafana.new.1937/grafana-11.6.14+security04.tar.gz differ: char 5, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/grafana/vendor.tar.gz /work/SRC/openSUSE:Factory/.grafana.new.1937/vendor.tar.gz differ: char 5, line 1
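Review bot: In the grafana.changes hunk, the new entry takes the package from the security01 tarball straight to security04 and lists all ten CVE fixes under one "Security:" heading, without saying whether any intermediate security releases are folded into this update. If they are, a line such as "includes changes from ..." would let admins map each fix to an upstream release. Also, the CVE-2026-33380 bullet uses a typographic apostrophe in "server’s"; an ASCII apostrophe would keep the .changes file consistent with the rest of the entry.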
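Review bot: In the first _service hunk, `revision` is set to the tag name `v11.6.14+security-04` rather than a commit id, and both tarballs appear in this mail only as "differ: char 5, line 1", so nothing in the diff lets a reviewer tie the new source or vendor.tar.gz to a specific upstream commit. For a security-only update, consider recording the commit hash the tag resolved to (in the changelog entry or alongside the revision) so a later rebuild can be checked against it. The version string is also maintained by hand in three places (spec `Version`, `revision`, and the `set_version` param); they agree here, but a note in the changelog on how they were regenerated would help the next update.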
