Attachment #254597 for bug #282387

View | Details | Raw Unified | Return to bug 282387
Collapse All | Expand All




  <vuln vid="f07c8f87-8e65-11ef-81b8-659bf0027d16">
    <topic>forgejo -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>forgejo</name>
	<range><lt>9.0.1</lt></range>
      </package>
      <package>
	<name>forgejo7</name>
	<range><lt>7.0.10</lt></range>
      </package>
    </affects>
    <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
       <h1>Problem Description:</h1>
       <ul>
       <li>Forgejo generates a token which is used to authenticate web
       endpoints that are only meant to be used internally, for instance
       when the SSH daemon is used to push a commit with Git.  The
       verification of this token was not done in constant time and was
       susceptible to timing attacks.  A pre-condition for such an attack is
       the precise measurements of the time for each operation.  Since it
       requires observing the timing of network operations, the issue is
       mitigated when a Forgejo instance is accessed over the internet
       because the ISP introduce unpredictable random delays.</li>
       <li>Because of a missing permission check, the branch used to propose
       a pull request to a repository can always be deleted by the user
       performing the merge.  It was fixed so that such a deletion is only
       allowed if the user performing the merge has write permission to the
       repository from which the pull request was made.</li>
       </ul>
      </body>
    </description>
    <references>
      <url>https://codeberg.org/forgejo/forgejo/milestone/8544</url>
      <url>https://codeberg.org/forgejo/forgejo/pulls/5719</url>
      <url>https://codeberg.org/forgejo/forgejo/pulls/5718</url>
    </references>
    <dates>
      <discovery>2024-10-28</discovery>
      <entry>2024-10-28</entry>
    </dates>
  </vuln>

  <vuln vid="fafaef4d-f364-4a07-bbdd-bf53448c593c">
    <topic>chromium -- multiple security fixes</topic>
    <affects>

Lines 1-6 Link Here

(-)b/www/forgejo/Makefile (-1 / +1 lines)
1	PORTNAME= forgejo	1	PORTNAME= forgejo
2	DISTVERSIONPREFIX= v	2	DISTVERSIONPREFIX= v
3	DISTVERSION= 9.0.0	3	DISTVERSION= 9.0.1
4	CATEGORIES= www	4	CATEGORIES= www
5	MASTER_SITES= https://codeberg.org/forgejo/forgejo/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/	5	MASTER_SITES= https://codeberg.org/forgejo/forgejo/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/
6	DISTNAME= forgejo-src-${DISTVERSION}	6	DISTNAME= forgejo-src-${DISTVERSION}

Lines 1-3 Link Here

(-)b/www/forgejo/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1729146681	1	TIMESTAMP = 1729375226
2	SHA256 (forgejo-src-9.0.0.tar.gz) = 21364d6c1635711189f25da5dc343b3b28e8ade20a5f00202301ccc364adc1d2	2	SHA256 (forgejo-src-9.0.1.tar.gz) = 6748c49677374947eb619b13f9ede983682ae117b8c0405442cc9afc847c4040
3	SIZE (forgejo-src-9.0.0.tar.gz) = 53905348	3	SIZE (forgejo-src-9.0.1.tar.gz) = 53961959

Return to bug 282387

Lines 1-3 Link Here

(-)b/security/vuxml/vuln/2024.xml (+44 lines)
		1	<vuln vid="f07c8f87-8e65-11ef-81b8-659bf0027d16">
		2	<topic>forgejo -- multiple vulnerabilities</topic>
		3	<affects>
		4	<package>
		5	<name>forgejo</name>
		6	<range><lt>9.0.1</lt></range>
		7	</package>
		8	<package>
		9	<name>forgejo7</name>
		10	<range><lt>7.0.10</lt></range>
		11	</package>
		12	</affects>
		13	<description>
		14	<body xmlns="http://www.w3.org/1999/xhtml">
		15	<h1>Problem Description:</h1>
		16	<ul>
		17	<li>Forgejo generates a token which is used to authenticate web
		18	endpoints that are only meant to be used internally, for instance
		19	when the SSH daemon is used to push a commit with Git. The
		20	verification of this token was not done in constant time and was
		21	susceptible to timing attacks. A pre-condition for such an attack is
		22	the precise measurements of the time for each operation. Since it
		23	requires observing the timing of network operations, the issue is
		24	mitigated when a Forgejo instance is accessed over the internet
		25	because the ISP introduce unpredictable random delays.</li>
		26	<li>Because of a missing permission check, the branch used to propose
		27	a pull request to a repository can always be deleted by the user
		28	performing the merge. It was fixed so that such a deletion is only
		29	allowed if the user performing the merge has write permission to the
		30	repository from which the pull request was made.</li>
		31	</ul>
		32	</body>
		33	</description>
		34	<references>
		35	<url>https://codeberg.org/forgejo/forgejo/milestone/8544</url>
		36	<url>https://codeberg.org/forgejo/forgejo/pulls/5719</url>
		37	<url>https://codeberg.org/forgejo/forgejo/pulls/5718</url>
		38	</references>
		39	<dates>
		40	<discovery>2024-10-28</discovery>
		41	<entry>2024-10-28</entry>
		42	</dates>
		43	</vuln>
		44
1	<vuln vid="fafaef4d-f364-4a07-bbdd-bf53448c593c">	45	<vuln vid="fafaef4d-f364-4a07-bbdd-bf53448c593c">
2	<topic>chromium -- multiple security fixes</topic>	46	<topic>chromium -- multiple security fixes</topic>
3	<affects>	47	<affects>