FreeBSD Bugzilla – Attachment 244378 Details for
Bug 273379
www/gitea: Update to 1.20.3 (fixes security vulnerabilities)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to update port to 1.20.3 plus vuxml entry
gitea-1.20.3.patch (text/plain), 2.19 KB, created by
Stefan Bethke
on 2023-08-27 08:20:26 UTC
(
hide
)
Description:
patch to update port to 1.20.3 plus vuxml entry
Filename:
MIME Type:
Creator:
Stefan Bethke
Created:
2023-08-27 08:20:26 UTC
Size:
2.19 KB
patch
obsolete
>diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml >index 0173656d4737..26331c341905 100644 >--- a/security/vuxml/vuln/2023.xml >+++ b/security/vuxml/vuln/2023.xml >@@ -1,3 +1,33 @@ >+ <vuln vid="36a37c92-44b1-11ee-b091-6162c1274384"> >+ <topic>gitea -- information disclosure</topic> >+ <affects> >+ <package> >+ <name>gitea</name> >+ <range><lt>1.20.3</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The Gitea team reports:</p> >+ <blockquote cite="https://github.com/go-gitea/gitea/pull/25097"> >+ <p>Fix API leaking Usermail if not logged in</p> >+ <p>The API should only return the real Mail of a User, if the >+ caller is logged in. The check do to this don't work. This PR >+ fixes this. This not really a security issue, but can lead to >+ Spam.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://blog.gitea.com/release-of-1.20.3</url> >+ <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.3</url> >+ </references> >+ <dates> >+ <discovery>2023-06-06</discovery> >+ <entry>2023-08-27</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="5fa332b9-4269-11ee-8290-a8a1599412c6"> > <topic>chromium -- multiple vulnerabilities</topic> > <affects> >diff --git a/www/gitea/Makefile b/www/gitea/Makefile >index a700a3f42d09..a17c1a2a6746 100644 >--- a/www/gitea/Makefile >+++ b/www/gitea/Makefile >@@ -1,7 +1,6 @@ > PORTNAME= gitea > DISTVERSIONPREFIX= v >-DISTVERSION= 1.20.2 >-PORTREVISION= 1 >+DISTVERSION= 1.20.3 > CATEGORIES= www > MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \ > https://dl.gitea.io/gitea/${DISTVERSION}/ >diff --git a/www/gitea/distinfo b/www/gitea/distinfo >index f51a17f7f0cf..15f7cc1b5043 100644 >--- a/www/gitea/distinfo >+++ b/www/gitea/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1690638651 >-SHA256 (gitea-src-1.20.2.tar.gz) = 6bcf25b5f94e71941559c1230b7afaadb3d293a2d1b404dc11079c62dff0834e >-SIZE (gitea-src-1.20.2.tar.gz) = 49235256 >+TIMESTAMP = 1693123743 >+SHA256 (gitea-src-1.20.3.tar.gz) = 727eb56799d8326cd2a07703a17c2e866f88327ebe88860f8bb2b1ccefdbe4dc >+SIZE (gitea-src-1.20.3.tar.gz) = 50431961
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=244378">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 273379
: 244378