Ubuntu
graphite-web package

Change logs for graphite-web source package in Focal

Focal (20.04)
Change log

graphite-web (1.1.4-5ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: XSS
    - debian/patches/CVE-2022-4728-[1-10].patch: fixed XSS issues in Cookie Handler
      component (CVE-2022-4728), Template Name Handler component
      (CVE-2022-4729), and Absolute Time Range Handler component
      (CVE-2022-4730).
    - CVE-2022-4728
    - CVE-2022-4729
    - CVE-2022-4730

 -- Amir Naseredini <email address hidden>  Tue, 18 Jul 2023 18:02:38 +0100

graphite-web (1.1.4-5) unstable; urgency=high

  * Non-maintainer upload.
  * Add patch to remove the 'send_email' function to avoid SSRF attack.
    This was insecure, not used in the code, and was undocumented as well.
    (Fixes: CVE-2017-18638)

 -- Utkarsh Gupta <email address hidden>  Thu, 17 Oct 2019 05:47:35 +0530

graphite-web (1.1.4-3) unstable; urgency=medium

  * Fix shebang of /usr/bin/graphite-manage. (Closes: #925240)

 -- Thomas Goirand <email address hidden>  Fri, 07 Jun 2019 09:39:24 +0200

Ubuntugraphite-web package

Change logs for graphite-web source package in Focal

Ubuntu
graphite-web package