Attachment #237361 for bug #267106

View | Details | Raw Unified | Return to bug 267106
Collapse All | Expand All




  <vuln vid="d713d709-4cc9-11ed-a621-0800277bb8a8">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.17.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21463">
	  <p>Sanitize and Escape refs in git backend</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21412">
	  <p>Bump golang.org/x/text</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21281">
	  <p>Update bluemonday</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.17.3</url>
    </references>
    <dates>
      <discovery>2022-09-27</discovery>
      <entry>2022-10-15</entry>
    </dates>
  </vuln>

  <vuln vid="127674c6-4a27-11ed-9f93-002b67dfc673">
    <topic>roundcube-thunderbird_labels -- RCE with custom label titles</topic>
    <affects>

Lines 1-7 Link Here

(-)b/www/gitea/Makefile (-2 / +1 lines)
1	PORTNAME= gitea	1	PORTNAME= gitea
2	DISTVERSIONPREFIX= v	2	DISTVERSIONPREFIX= v
3	DISTVERSION= 1.17.2	3	DISTVERSION= 1.17.3
4	PORTREVISION= 1
5	CATEGORIES= www	4	CATEGORIES= www
6	MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \	5	MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \
7	https://dl.gitea.io/gitea/${DISTVERSION}/	6	https://dl.gitea.io/gitea/${DISTVERSION}/

Lines 1-3 Link Here

(-)b/www/gitea/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1662886552	1	TIMESTAMP = 1665865667
2	SHA256 (gitea-src-1.17.2.tar.gz) = a4383e1c2ddd6d67f4471a0bbc1b4839a15ab8fd6951804e1be43d7229e1de58	2	SHA256 (gitea-src-1.17.3.tar.gz) = 35490480ab793844e8ef9d541dca1c3c7ee510883205fe9197f373d276cd1f78
3	SIZE (gitea-src-1.17.2.tar.gz) = 52668293	3	SIZE (gitea-src-1.17.3.tar.gz) = 52711597

Return to bug 267106

Lines 1-3 Link Here

(-)b/security/vuxml/vuln-2022.xml (+31 lines)
		1	<vuln vid="d713d709-4cc9-11ed-a621-0800277bb8a8">
		2	<topic>gitea -- multiple issues</topic>
		3	<affects>
		4	<package>
		5	<name>gitea</name>
		6	<range><lt>1.17.3</lt></range>
		7	</package>
		8	</affects>
		9	<description>
		10	<body xmlns="http://www.w3.org/1999/xhtml">
		11	<p>The Gitea team reports:</p>
		12	<blockquote cite="https://github.com/go-gitea/gitea/pull/21463">
		13	<p>Sanitize and Escape refs in git backend</p>
		14	</blockquote>
		15	<blockquote cite="https://github.com/go-gitea/gitea/pull/21412">
		16	<p>Bump golang.org/x/text</p>
		17	</blockquote>
		18	<blockquote cite="https://github.com/go-gitea/gitea/pull/21281">
		19	<p>Update bluemonday</p>
		20	</blockquote>
		21	</body>
		22	</description>
		23	<references>
		24	<url>https://github.com/go-gitea/gitea/releases/tag/v1.17.3</url>
		25	</references>
		26	<dates>
		27	<discovery>2022-09-27</discovery>
		28	<entry>2022-10-15</entry>
		29	</dates>
		30	</vuln>
		31
1	<vuln vid="127674c6-4a27-11ed-9f93-002b67dfc673">	32	<vuln vid="127674c6-4a27-11ed-9f93-002b67dfc673">
2	<topic>roundcube-thunderbird_labels -- RCE with custom label titles</topic>	33	<topic>roundcube-thunderbird_labels -- RCE with custom label titles</topic>
3	<affects>	34	<affects>