FreeBSD Bugzilla – Attachment 248478 Details for
Bug 277066
www/gitea: update to 1.21.5 (fixes security vulnerabilities)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch 1.21.5
file_277066.txt (text/plain), 1.95 KB, created by
Paul Armstrong
on 2024-02-15 12:35:29 UTC
(
hide
)
Description:
Patch 1.21.5
Filename:
MIME Type:
Creator:
Paul Armstrong
Created:
2024-02-15 12:35:29 UTC
Size:
1.95 KB
patch
obsolete
>diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml >index 883c7166945..83e39e81fc4 100644 >--- a/security/vuxml/vuln/2024.xml >+++ b/security/vuxml/vuln/2024.xml >@@ -1667,3 +1667,29 @@ > <entry>2024-01-02</entry> > </dates> > </vuln> >+ >+ <vuln vid="bd7592a1-cbfd-11ee-a42a-5404a6f3ca32"> >+ <topic>gitea -- Prevent anonymous container access</topic> >+ <affects> >+ <package> >+ <name>gitea</name> >+ <range><lt>1.21.5</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <h1>Problem Description:</h1> >+ <p> >+ Even with RequireSignInView enabled, anonymous users can use docker pull >+ to fetch public images. >+ </p> >+ </body> >+ </description> >+ <references> >+ <url>https://blog.gitea.com/release-of-1.21.5/</url> >+ </references> >+ <dates> >+ <discovery>2024-01-24</discovery> >+ <entry>2024-02-15</entry> >+ </dates> >+ </vuln> >diff --git a/www/gitea/Makefile b/www/gitea/Makefile >index f1bd80dba66..874f8b301fc 100644 >--- a/www/gitea/Makefile >+++ b/www/gitea/Makefile >@@ -1,7 +1,6 @@ > PORTNAME= gitea > DISTVERSIONPREFIX= v >-DISTVERSION= 1.21.3 >-PORTREVISION= 1 >+DISTVERSION= 1.21.5 > CATEGORIES= www > MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \ > https://dl.gitea.io/gitea/${DISTVERSION}/ >diff --git a/www/gitea/distinfo b/www/gitea/distinfo >index 93f0353acb6..67c01eba3e5 100644 >--- a/www/gitea/distinfo >+++ b/www/gitea/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1703201941 >-SHA256 (gitea-src-1.21.3.tar.gz) = b490bda7bfbe95bde50f4c98478a80b4539344140ad9290d083e9393e83d33bf >-SIZE (gitea-src-1.21.3.tar.gz) = 53775315 >+TIMESTAMP = 1707999597 >+SHA256 (gitea-src-1.21.5.tar.gz) = 567245e824acb1062cf3220a997bf160787609f2e2261b8ab6345da8a2101b1c >+SIZE (gitea-src-1.21.5.tar.gz) = 53857165
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=248478">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 277066
: 248478