FreeBSD Bugzilla – Attachment 199514 Details for
Bug 233475
www/gitea: Update to 1.6.0 (Fixes security vulnerability)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vixml entry for four gitea vulns.
vuxml.patch (text/plain), 1.69 KB, created by
Stefan Bethke
on 2018-11-24 16:16:37 UTC
(
hide
)
Description:
vixml entry for four gitea vulns.
Filename:
MIME Type:
Creator:
Stefan Bethke
Created:
2018-11-24 16:16:37 UTC
Size:
1.69 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 485776) >+++ vuln.xml (working copy) >@@ -58,6 +58,40 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="e9d66232-f001-11e8-9a19-080027f43a02"> >+ <topic>gitea -- multiple vulnerabilites</topic> >+ <affects> >+ <package> >+ <name>gitea</name> >+ <range><lt>1.6.0</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The Gitea project reports:</p> >+ <blockquote cite="https://blog.gitea.io/2018/11/gitea-1.6.0-is-released/"> >+ <p>SECURITY</p> >+ <ul> >+ <li>Improve URL validation for external wiki and external issues (#4710)</li> >+ <li>Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706)</li> >+ <li>Don't disclose emails of all users when sending out emails (#4664)</li> >+ <li>Check that repositories can only be migrated to own user or organizations (#4366)</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/go-gitea/gitea/pull/4710</url> >+ <url>https://github.com/go-gitea/gitea/pull/4706</url> >+ <url>https://github.com/go-gitea/gitea/pull/4664</url> >+ <url>https://github.com/go-gitea/gitea/pull/4366</url> >+ </references> >+ <dates> >+ <discovery>2018-11-FIXME</discovery> >+ <entry>2018-11-24</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="ec49f6b5-ee39-11e8-b2f4-74d435b63d51"> > <topic>php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=199514">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 233475
: 199514