-
graphite-web (1.1.4-5ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: XSS
- debian/patches/CVE-2022-4728-[1-10].patch: fixed XSS issues in Cookie Handler
component (CVE-2022-4728), Template Name Handler component
(CVE-2022-4729), and Absolute Time Range Handler component
(CVE-2022-4730).
- CVE-2022-4728
- CVE-2022-4729
- CVE-2022-4730
-- Amir Naseredini <email address hidden> Tue, 18 Jul 2023 18:02:38 +0100
-
graphite-web (1.1.4-5) unstable; urgency=high
* Non-maintainer upload.
* Add patch to remove the 'send_email' function to avoid SSRF attack.
This was insecure, not used in the code, and was undocumented as well.
(Fixes: CVE-2017-18638)
-- Utkarsh Gupta <email address hidden> Thu, 17 Oct 2019 05:47:35 +0530
-
graphite-web (1.1.4-3) unstable; urgency=medium
* Fix shebang of /usr/bin/graphite-manage. (Closes: #925240)
-- Thomas Goirand <email address hidden> Fri, 07 Jun 2019 09:39:24 +0200