Overview

File _patchinfo of Package patchinfo.37535

<patchinfo incident="37535">
  <issue tracker="cve" id="2024-11741"/>
  <issue tracker="cve" id="2025-21613"/>
  <issue tracker="cve" id="2024-45339"/>
  <issue tracker="cve" id="2024-28180"/>
  <issue tracker="bnc" id="1235206">VUL-0: CVE-2024-28180: grafana: github.com/go-jose/go-jose/v3: improper handling of highly compressed data</issue>
  <issue tracker="bnc" id="1236734">VUL-0: CVE-2024-11741: grafana: Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission</issue>
  <issue tracker="bnc" id="1235574">VUL-0: CVE-2025-21613: grafana: github.com/go-git/go-git/v5: argument injection via the URL field</issue>
  <issue tracker="bnc" id="1236559">VUL-0: CVE-2024-45339: grafana: github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog</issue>
  <packager>raulosuna</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for grafana</summary>
  <description>This update for grafana fixes the following issues:

grafana was updated from version 10.4.13 to 10.4.15:

- Security issues fixed:
    * CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559)
    * CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734)
    * CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574)
    * CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206)
- Other bugs fixed and changes:
    * Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key
    * Added provisioning directories
    * Use /bin/bash in wrapper scripts
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places