Attachment #250899 for bug #279250

View | Details | Raw Unified | Return to bug 279250
Collapse All | Expand All




  <vuln vid="bd0c866f-1901-11ef-a9b5-af0cd803f382">
    <topic>forgejo -- improper sanitation of user input</topic>
    <affects>
      <package>
	<name></name>
	<range><lt></lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Forgejo team reports:</p>
	<blockquote cite="https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-3">
	  <p>Fixed: backticks in mermaid block diagram labels are not sanitized properly..</p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://github.com/mermaid-js/mermaid/commit/c7fe9a646574597adefe3e6fb2b3707112a151aa</url>
    </references>
    <dates>
      <discovery>2024-05-14</discovery>
      <entry>2024-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="f848ef90-1848-11ef-9850-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>

Lines 1-6 Link Here

(-)b/www/forgejo/Makefile (-1 / +5 lines)
1	PORTNAME= forgejo	1	PORTNAME= forgejo
2	DISTVERSIONPREFIX= v	2	DISTVERSIONPREFIX= v
3	DISTVERSION= 7.0.2	3	DISTVERSION= 7.0.3
4	CATEGORIES= www	4	CATEGORIES= www
5	MASTER_SITES= https://codeberg.org/forgejo/forgejo/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/	5	MASTER_SITES= https://codeberg.org/forgejo/forgejo/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/
6	DISTNAME= forgejo-src-${DISTVERSION}	6	DISTNAME= forgejo-src-${DISTVERSION}
Lines 75-80 do-install: Link Here
75	${STAGEDIR}${ETCDIR}/conf/app.ini.sample	75	${STAGEDIR}${ETCDIR}/conf/app.ini.sample
76	${INSTALL_DATA} ${WRKSRC}/custom/conf/app.example.ini \	76	${INSTALL_DATA} ${WRKSRC}/custom/conf/app.example.ini \
77	${STAGEDIR}${ETCDIR}/conf/app.ini.defaults	77	${STAGEDIR}${ETCDIR}/conf/app.ini.defaults
		78	${MKDIR} ${STAGEDIR}${DATADIR}
		79	${MKDIR} ${STAGEDIR}/var/db/forgejo/data
		80	${MKDIR} ${STAGEDIR}/var/db/forgejo/forgejo-repositories
		81	${MKDIR} ${STAGEDIR}/var/log/forgejo
78		82
79	do-install-BINDATA-off:	83	do-install-BINDATA-off:
80	cd ${WRKSRC} && \	84	cd ${WRKSRC} && \

Lines 1-3 Link Here

(-)b/www/forgejo/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1715265831	1	TIMESTAMP = 1716464783
2	SHA256 (forgejo-src-7.0.2.tar.gz) = 39b2079be7671f2248dcc36377ae20be65f20695d7f968ae227c0fc55dacca06	2	SHA256 (forgejo-src-7.0.3.tar.gz) = c9e85222eb27508e74a284cb125df7c6d7cfc31f52c62f1e305d2aeb1bdb7abc
3	SIZE (forgejo-src-7.0.2.tar.gz) = 54862292	3	SIZE (forgejo-src-7.0.3.tar.gz) = 54895104

Lines 1-3 Link Here

(-)b/www/forgejo/pkg-plist (+4 lines)
1	@sample %%ETCDIR%%/conf/app.ini.sample	1	@sample %%ETCDIR%%/conf/app.ini.sample
2	%%ETCDIR%%/conf/app.ini.defaults	2	%%ETCDIR%%/conf/app.ini.defaults
3	sbin/forgejo	3	sbin/forgejo
		4	@dir share/forgejo
		5	@dir(git,git,755) /var/db/forgejo
		6	@dir(git,git,755) /var/db/forgejo/forgejo-repositories
		7	@dir(git,git,755) /var/log/forgejo

Return to bug 279250

Lines 1-3 Link Here

(-)b/security/vuxml/vuln/2024.xml (+25 lines)
		1	<vuln vid="bd0c866f-1901-11ef-a9b5-af0cd803f382">
		2	<topic>forgejo -- improper sanitation of user input</topic>
		3	<affects>
		4	<package>
		5	<name></name>
		6	<range><lt></lt></range>
		7	</package>
		8	</affects>
		9	<description>
		10	<body xmlns="http://www.w3.org/1999/xhtml">
		11	<p>The Forgejo team reports:</p>
		12	<blockquote cite="https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-3">
		13	<p>Fixed: backticks in mermaid block diagram labels are not sanitized properly..</p>
		14	</blockquote>
		15	</body>
		16	</description>
		17	<references>
		18	<url>https://github.com/mermaid-js/mermaid/commit/c7fe9a646574597adefe3e6fb2b3707112a151aa</url>
		19	</references>
		20	<dates>
		21	<discovery>2024-05-14</discovery>
		22	<entry>2024-05-23</entry>
		23	</dates>
		24	</vuln>
		25
1	<vuln vid="f848ef90-1848-11ef-9850-001b217b3468">	26	<vuln vid="f848ef90-1848-11ef-9850-001b217b3468">
2	<topic>Gitlab -- Vulnerabilities</topic>	27	<topic>Gitlab -- Vulnerabilities</topic>
3	<affects>	28	<affects>