-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 22 Feb 2023 11:10:27 +0100 Source: graphite-web Binary: graphite-web Architecture: source all Version: 1.1.8-1.1~bpo11+1 Distribution: bullseye-backports Urgency: high Maintainer: Debian Graphite Group <team+debian-graphite-team@tracker.debian.org> Changed-By: Christoph Martin <martin@uni-mainz.de> Description: graphite-web - Enterprise Scalable Realtime Graphing Closes: 936651 940554 962623 1026992 Changes: graphite-web (1.1.8-1.1~bpo11+1) bullseye-backports; urgency=medium . * Backports rebuild . graphite-web (1.1.8-1.1) unstable; urgency=medium . * NMU * CVE-2022-4728, CVE-2022-4729 & CVE-2022-4730: Prevent a series of cross-site scripting (XSS) vulnerabilties that could have been exploited remotely. Issues existed in the Cookie Handler, Template Name Handler and Absolute Time Range Handler components. (Closes: #1026992) . graphite-web (1.1.8-1) unstable; urgency=medium . * New upstream release: - Works with Python 3.9 (Closes: #962623). * Refresh local_settings.patch. * Rebase settings_debian.patch (taken from bug report). * Drop CVE-2017-18638.patch applied upstream. . graphite-web (1.1.4-5) unstable; urgency=high . * Non-maintainer upload. * Add patch to remove the 'send_email' function to avoid SSRF attack. This was insecure, not used in the code, and was undocumented as well. (Fixes: CVE-2017-18638) . graphite-web (1.1.4-4) unstable; urgency=medium . * Avoid hourly error in cron with no whisper db (Closes: #940554). Thanks to Alexandre Rossi <niol@zincube.net> for the patch. * Removed use of Python 2 (Closes: #936651). Thanks to Alexander again for the patch. Checksums-Sha1: 2c7fdc34b7e361c9da6747974bd1104e7f5c8b4b 2293 graphite-web_1.1.8-1.1~bpo11+1.dsc 562ccbe2466bcd150b3863e162b05d5537cd9de1 1177214 graphite-web_1.1.8.orig.tar.gz 9f8bc8b069aab6a3e213313654b7e28e2625091b 228180 graphite-web_1.1.8-1.1~bpo11+1.debian.tar.xz 8e4c60c8daae39ee0205b54c4da8e891b2cd6e10 956564 graphite-web_1.1.8-1.1~bpo11+1_all.deb ff0041b4fc22e9f7697a4f4829f3ed95ca24d898 8032 graphite-web_1.1.8-1.1~bpo11+1_amd64.buildinfo Checksums-Sha256: 125d13ca1787251568c1b7e388bc65321ae08c4bf3fba0a075e4563c23a9bd01 2293 graphite-web_1.1.8-1.1~bpo11+1.dsc 54240b0f1e069b53e2ce92d4e534e21b195fb0ebd64b6ad8a49c44284e3eb0b1 1177214 graphite-web_1.1.8.orig.tar.gz 57341e967a3839e6c09a57110637da06e44eeb2c3f4c5d4f38d66ec236c350e4 228180 graphite-web_1.1.8-1.1~bpo11+1.debian.tar.xz 9c1a78adeaa580a97d4deee256b4f747e92c4079f2efac32ca06f6f4766baafe 956564 graphite-web_1.1.8-1.1~bpo11+1_all.deb c57037af22bc6534d8a116328116153008a3c2033c13387bf8d535708610ab83 8032 graphite-web_1.1.8-1.1~bpo11+1_amd64.buildinfo Files: d38e635840376d5090bcec52e83fbd78 2293 web extra graphite-web_1.1.8-1.1~bpo11+1.dsc 088cba7cf97062e101f6c1565fc4c050 1177214 web extra graphite-web_1.1.8.orig.tar.gz 613a21d1e4a0bb2120881647630b47c5 228180 web extra graphite-web_1.1.8-1.1~bpo11+1.debian.tar.xz fcae7ff874da76a932a9060528f88a3e 956564 web extra graphite-web_1.1.8-1.1~bpo11+1_all.deb b6010abce1bfbededc9a4c2b2bf29e4f 8032 web extra graphite-web_1.1.8-1.1~bpo11+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEt1cFkfJ3DVbrq4cu7mlEXgxb5BcFAmP18YEACgkQ7mlEXgxb 5BdTxhAAtPQNLfABIF9iYeWbPs3uw+WbgQU/wdladTnOZJ51iFJAvo4Nz/0hD/UL iooFhxQW8de1OxizFMxJIuxmeUurjNrgn4kq55I+QbAIMUcCkHb9+g+aokzOXCQv 7qm5udRdRDRFPeiXl+XVFfiu9pJbWxAN7uZygB+xBYqF8WEgNvXWvWQ9rI4fSNIu Bq9rK7NGnS0c2+n6u+Xp+23cTLtMmWIYxEIFAmsxfUTA7KLEzbMo1QnfgDRNZi92 DGWjX2OOH7t0v2vU5byF9nbOK79+EUvDjhNqEPrxou/X2Cu4kCc1LJmaMHHlB0YQ k7COivoi9OSApiIPzsLPnTuvrlatA9eRnqBLMGzTYhP6Yr7qOxDVNNTaJDgkwwh7 d/zPbahD7A/kpGAp7sDv+JdUyMuSpDrm37w2+zcrjJOA62hxOZYYjWhJXk4HVzYY 67ttcHc9rwSwyNi03rPAhat/IUQmp5GWTNkmlJJBboYqCfB/PPbPotXOTiNcIEsj RfZTnuYKqF5yTLhupwkP4FgntioaQtzx7Kjor65boLL/8g0OYG1hNB6JMMpYlQCr H7pMklzc4xHQUA0HtdpGG+qdzVrCDPV4aL94Vxm3q/wGWHuiIoKGoyZZVkKLObr/ a8I7Yhpk4dnwTQsv1xiaaEPjdgRbjzN5syr5wPFatFAzOGoehlU= =6ZUU -----END PGP SIGNATURE-----
