Attachment #248478 for bug #277066

View | Details | Raw Unified | Return to bug 277066
Collapse All | Expand All




      <entry>2024-01-02</entry>
    </dates>
  </vuln>

  <vuln vid="bd7592a1-cbfd-11ee-a42a-5404a6f3ca32">
    <topic>gitea -- Prevent anonymous container access</topic>
    <affects>
      <package>
        <name>gitea</name>
        <range><lt>1.21.5</lt></range>
      </package>
    </affects>
    <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
       <h1>Problem Description:</h1>
    <p>
      Even with RequireSignInView enabled, anonymous users can use docker pull
      to fetch public images.
    </p>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.com/release-of-1.21.5/</url>
    </references>
    <dates>
      <discovery>2024-01-24</discovery>
      <entry>2024-02-15</entry>
    </dates>
  </vuln>

Lines 1-7 Link Here

(-)b/www/gitea/Makefile (-2 / +1 lines)
1	PORTNAME= gitea	1	PORTNAME= gitea
2	DISTVERSIONPREFIX= v	2	DISTVERSIONPREFIX= v
3	DISTVERSION= 1.21.3	3	DISTVERSION= 1.21.5
4	PORTREVISION= 1
5	CATEGORIES= www	4	CATEGORIES= www
6	MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \	5	MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \
7	https://dl.gitea.io/gitea/${DISTVERSION}/	6	https://dl.gitea.io/gitea/${DISTVERSION}/

Lines 1-3 Link Here

(-)b/www/gitea/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1703201941	1	TIMESTAMP = 1707999597
2	SHA256 (gitea-src-1.21.3.tar.gz) = b490bda7bfbe95bde50f4c98478a80b4539344140ad9290d083e9393e83d33bf	2	SHA256 (gitea-src-1.21.5.tar.gz) = 567245e824acb1062cf3220a997bf160787609f2e2261b8ab6345da8a2101b1c
3	SIZE (gitea-src-1.21.3.tar.gz) = 53775315	3	SIZE (gitea-src-1.21.5.tar.gz) = 53857165

Return to bug 277066

Lines 1667-1669 Link Here

(-)b/security/vuxml/vuln/2024.xml (+26 lines)
1667	<entry>2024-01-02</entry>	1667	<entry>2024-01-02</entry>
1668	</dates>	1668	</dates>
1669	</vuln>	1669	</vuln>
		1670
		1671	<vuln vid="bd7592a1-cbfd-11ee-a42a-5404a6f3ca32">
		1672	<topic>gitea -- Prevent anonymous container access</topic>
		1673	<affects>
		1674	<package>
		1675	<name>gitea</name>
		1676	<range><lt>1.21.5</lt></range>
		1677	</package>
		1678	</affects>
		1679	<description>
		1680	<body xmlns="http://www.w3.org/1999/xhtml">
		1681	<h1>Problem Description:</h1>
		1682	<p>
		1683	Even with RequireSignInView enabled, anonymous users can use docker pull
		1684	to fetch public images.
		1685	</p>
		1686	</body>
		1687	</description>
		1688	<references>
		1689	<url>https://blog.gitea.com/release-of-1.21.5/</url>
		1690	</references>
		1691	<dates>
		1692	<discovery>2024-01-24</discovery>
		1693	<entry>2024-02-15</entry>
		1694	</dates>
		1695	</vuln>