Created attachment 253381
patch to update the port to 8.0.3 plus vuxml entry

Release notes: https://codeberg.org/forgejo/forgejo/milestone/8231
7.0.9 was released too - added the maintainer to CC, so that he could prepare a patch for it too.
<range><lt>8.0.3</lt></range> isn't correct - 7.0.9 is fixed too.
Probably this is correct:

<package>
  <name>forgejo</name>
  <range><lt>8.0.3</lt></range>
</package>
<package>
  <name>forgejo7</name>
  <range><lt>7.0.9</lt></range>
</package>
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=19df0c241ebb0ce7da82308959ba920eca4290b5

commit 19df0c241ebb0ce7da82308959ba920eca4290b5
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-09-06 20:53:19 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-09-06 20:53:19 +0000

    security/vuxml: Add www/forgejo < 8.0.3 and www/forgejo7 < 7.0.9

    PR:             281314

 security/vuxml/vuln/2024.xml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=891df28121bb41ca62e10c38089e8045090f0310

commit 891df28121bb41ca62e10c38089e8045090f0310
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-09-06 20:33:40 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-09-06 20:33:40 +0000

    www/forgejo: Update 8.0.2 → 8.0.3 (fixes security vulnerability)

    Changelog:
    Security
    - PR (backported): replace v-html with v-text in branch search inputbox
      for XSS protection
    - PR: Upgrade webpack to v5.94.0 as a precaution to mitigate
      CVE-2024-43788, although we were not yet able to confirm that this can
      be exploited in Forgejo.

    https://codeberg.org/forgejo/forgejo/milestone/8231

    PR:             281314
    MFH:            2024Q3

 www/forgejo/Makefile | 2 +-
 www/forgejo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
A commit in branch 2024Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3f44e8bb4bf3048e2b135304e9e863f203ce8f0a

commit 3f44e8bb4bf3048e2b135304e9e863f203ce8f0a
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-09-06 20:33:40 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-09-06 20:58:48 +0000

    www/forgejo: Update 8.0.2 → 8.0.3 (fixes security vulnerability)

    Changelog:
    Security
    - PR (backported): replace v-html with v-text in branch search inputbox
      for XSS protection
    - PR: Upgrade webpack to v5.94.0 as a precaution to mitigate
      CVE-2024-43788, although we were not yet able to confirm that this can
      be exploited in Forgejo.

    https://codeberg.org/forgejo/forgejo/milestone/8231

    PR:             281314
    MFH:            2024Q3

    (cherry picked from commit 891df28121bb41ca62e10c38089e8045090f0310)

 www/forgejo/Makefile | 2 +-
 www/forgejo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Thanks.