FreeBSD Bugzilla – Attachment 212220 Details for
Bug 244025
www/gitea: Update to 1.11.0 (fixes security vulnerabilities)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuxml entry for fixed vulns
vuxml-gitea-1.11.2.patch (text/plain), 2.30 KB, created by
Stefan Bethke
on 2020-03-07 15:22:14 UTC
(
hide
)
Description:
vuxml entry for fixed vulns
Filename:
MIME Type:
Creator:
Stefan Bethke
Created:
2020-03-07 15:22:14 UTC
Size:
2.30 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 527936) >+++ vuln.xml (working copy) >@@ -58,6 +58,53 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="be088777-6085-11ea-8609-08002731610e"> >+ <topic>gitea -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>gitea</name> >+ <range><lt>1.11.2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The Gitea Team reports for release 1.11.0:</p> >+ <blockquote cite="https://github.com/go-gitea/gitea/releases/tag/v1.11.0"> >+ <ul> >+ <li>Never allow an empty password to validate (#9682) (#9683)</li> >+ <li>Prevent redirect to Host (#9678) (#9679)</li> >+ <li>Swagger hide search field (#9554)</li> >+ <li>Add "search" to reserved usernames (#9063)</li> >+ <li>Switch to fomantic-ui (#9374)</li> >+ <li>Only serve attachments when linked to issue/release and if accessible by user (#9340)</li> >+ </ul> >+ </blockquote> >+ <p>The Gitea Team reports for release 1.11.2:</p> >+ <blockquote cite="https://github.com/go-gitea/gitea/releases/tag/v1.11.2"> >+ <ul> >+ <li>Ensure only own addresses are updated (#10397) (#10399)</li> >+ <li>Logout POST action (#10582) (#10585)</li> >+ <li>Org action fixes and form cleanup (#10512) (#10514)v >+ <li>Change action GETs to POST (#10462) (#10464)</li> >+ <li>Fix admin notices (#10480) (#10483)</li> >+ <li>Change admin dashboard to POST (#10465) (#10466)</li> >+ <li>Update markbates/goth (#10444) (#10445)</li> >+ <li>Update crypto vendors (#10385) (#10398)</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/</url> >+ <url>https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/</url> >+ <freebsdpr>ports/244025</freebsdpr> >+ </references> >+ <dates> >+ <discovery>2019-11-18</discovery> >+ <entry>2020-03-07</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="8c98e643-6008-11ea-af63-38d547003487"> > <topic>salt -- salt-api vulnerability</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=212220">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 244025
:
212219
| 212220 |
212223