File _patchinfo of Package patchinfo.14328
<patchinfo incident="14328">
<issue tracker="cve" id="2020-13379"/>
<issue tracker="cve" id="2020-12245"/>
<issue tracker="cve" id="2019-15043"/>
<issue tracker="cve" id="2018-19039"/>
<issue tracker="bnc" id="1170557">VUL-0: CVE-2020-12245: grafana: XSS in table-panel via column.title or cellLinkTooltip</issue>
<issue tracker="bnc" id="1044444">Package "grafana" contains pre-compiled phantomjs binary</issue>
<issue tracker="bnc" id="1115960">VUL-0: CVE-2018-19039: grafana: users with Editor or Admin permissions can exfiltrate files</issue>
<issue tracker="bnc" id="1044933">Build 226 - SES deployment fails on stage 2 IDs: add prometheus ds, setup monitoring</issue>
<packager>jcavalheiro</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for grafana</summary>
<description>This update for grafana fixes the following issues:
grafana was updated to version 7.1.5:
* Features / Enhancements
- Stats: Stop counting the same user multiple times.
- Field overrides: Filter by field name using regex.
- AzureMonitor: map more units.
- Explore: Don't run queries on datasource change.
- Graph: Support setting field unit &amp; override data source (automatic) unit.
- Explore: Unification of logs/metrics/traces user interface
- Table: JSON Cell should try to convert strings to JSON
- Variables: enables cancel for slow query variables queries.
- TimeZone: unify the time zone pickers to one that can rule them all.
- Search: support URL query params.
- Grafana-UI: Add FileUpload.
- TablePanel: Sort numbers correctly.
* Bug fixes
- Alerting: remove LongToWide call in alerting.
- AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used.
- Variables: Fixes issue with All variable not being resolved.
- Templating: Fixes so texts show in picker not the values.
- Templating: Fix undefined result when using raw interpolation format.
- TextPanel: Fix content overflowing panel boundaries.
- StatPanel: Fix stat panel display name not showing when explicitly set.
- Query history: Fix search filtering if null value.
- Flux: Ensure connections to InfluxDB are closed.
- Dashboard: Fix for viewer can enter panel edit mode by modifying URL (but cannot save anything).
- Prometheus: Fix prom links in mixed mode.
- Sign In: Use correct URL for the Sign In button.
- StatPanel: Fixes issue with name showing for single series / field results
- BarGauge: Fix space bug in single series mode.
- Auth: Fix POST request failures with anonymous access
- Templating: Fix recursive loop of template variable queries when changing ad-hoc-variable
- Templating: Fixed recursive queries triggered when switching dashboard settings view
- GraphPanel: Fix annotations overflowing panels.
- Prometheus: Fix performance issue in processing of histogram labels.
- Datasources: Handle URL parsing error.
- Security: Use Header.Set and Header.Del for X-Grafana-User header.
</description>
</patchinfo>