Attachment #243426 for bug #272538

View | Details | Raw Unified | Return to bug 272538
Collapse All | Expand All




  <vuln vid="b3f77aae-241c-11ee-9684-c11c23f7b0f9">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.20.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22759">
	  <p>Test if container blob is accessible before mounting.</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22175">
	  <p>Set type="password" on all auth_token fields</p>
	  <p>Seen when migrating from other hosting platforms.</p>
	  <p>Prevents exposing the token to screen capture/cameras/eyeballs.</p>
	  <p>Prevents the browser from saving the value in its autocomplete
	    dictionary, which often is not secure.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.com/release-of-1.20.0</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.0</url>
    </references>
    <dates>
      <discovery>2023-06-08</discovery>
      <entry>2023-07-05</entry>
    </dates>
  </vuln>

  <vuln vid="41c60e16-2405-11ee-a0d1-84a93843eb75">
    <topic>OpenSSL -- AES-SIV implementation ignores empty associated data entries</topic>
    <affects>

Lines 1-6 Link Here

(-)b/www/gitea/Makefile (-1 / +1 lines)
1	PORTNAME= gitea	1	PORTNAME= gitea
2	DISTVERSIONPREFIX= v	2	DISTVERSIONPREFIX= v
3	DISTVERSION= 1.19.4	3	DISTVERSION= 1.20.0
4	CATEGORIES= www	4	CATEGORIES= www
5	MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \	5	MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \
6	https://dl.gitea.io/gitea/${DISTVERSION}/	6	https://dl.gitea.io/gitea/${DISTVERSION}/

Lines 1-3 Link Here

(-)b/www/gitea/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1688548753	1	TIMESTAMP = 1689540982
2	SHA256 (gitea-src-1.19.4.tar.gz) = bcd30d10a32952854b506c0f3d584b29f1251668c25a06476398b596236cfb19	2	SHA256 (gitea-src-1.20.0.tar.gz) = 304d9961279a1ebbbfef00450665cba5ff5d2a99745abb6b980aa6cf0dfbb6ae
3	SIZE (gitea-src-1.19.4.tar.gz) = 55781048	3	SIZE (gitea-src-1.20.0.tar.gz) = 49049895

Return to bug 272538

Lines 1-3 Link Here

(-)b/security/vuxml/vuln/2023.xml (+33 lines)
		1	<vuln vid="b3f77aae-241c-11ee-9684-c11c23f7b0f9">
		2	<topic>gitea -- multiple issues</topic>
		3	<affects>
		4	<package>
		5	<name>gitea</name>
		6	<range><lt>1.20.0</lt></range>
		7	</package>
		8	</affects>
		9	<description>
		10	<body xmlns="http://www.w3.org/1999/xhtml">
		11	<p>The Gitea team reports:</p>
		12	<blockquote cite="https://github.com/go-gitea/gitea/pull/22759">
		13	<p>Test if container blob is accessible before mounting.</p>
		14	</blockquote>
		15	<blockquote cite="https://github.com/go-gitea/gitea/pull/22175">
		16	<p>Set type="password" on all auth_token fields</p>
		17	<p>Seen when migrating from other hosting platforms.</p>
		18	<p>Prevents exposing the token to screen capture/cameras/eyeballs.</p>
		19	<p>Prevents the browser from saving the value in its autocomplete
		20	dictionary, which often is not secure.</p>
		21	</blockquote>
		22	</body>
		23	</description>
		24	<references>
		25	<url>https://blog.gitea.com/release-of-1.20.0</url>
		26	<url>https://github.com/go-gitea/gitea/releases/tag/v1.20.0</url>
		27	</references>
		28	<dates>
		29	<discovery>2023-06-08</discovery>
		30	<entry>2023-07-05</entry>
		31	</dates>
		32	</vuln>
		33
1	<vuln vid="41c60e16-2405-11ee-a0d1-84a93843eb75">	34	<vuln vid="41c60e16-2405-11ee-a0d1-84a93843eb75">
2	<topic>OpenSSL -- AES-SIV implementation ignores empty associated data entries</topic>	35	<topic>OpenSSL -- AES-SIV implementation ignores empty associated data entries</topic>
3	<affects>	36	<affects>