FreeBSD Bugzilla – Attachment 248713 Details for
Bug 277275
www/gitea: update to 1.21.6 (fixes security vulnerabilities)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to update the port to 1.21.6, vuxml entry
gitea-1.21.6.patch (text/plain), 2.01 KB, created by
Stefan Bethke
on 2024-02-24 09:15:11 UTC
(
hide
)
Description:
patch to update the port to 1.21.6, vuxml entry
Filename:
MIME Type:
Creator:
Stefan Bethke
Created:
2024-02-24 09:15:11 UTC
Size:
2.01 KB
patch
obsolete
>diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml >index 2f805fb09d51..8f7efef2cab1 100644 >--- a/security/vuxml/vuln/2024.xml >+++ b/security/vuxml/vuln/2024.xml >@@ -1,3 +1,30 @@ >+ <vuln vid="5ecfb588-d2f4-11ee-ad82-dbdfaa8acfc2"> >+ <topic>gitea -- Fix XSS vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>gitea</name> >+ <range><lt>1.21.6</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <h1>Problem Description:</h1> >+ <ul> >+ <li>The Wiki page did not sanitize author name</li> >+ <li>the reviewer name on a "dismiss review" comment is also affected</li> >+ <li>the migration page has some spots</li> >+ </ul> >+ </body> >+ </description> >+ <references> >+ <url>https://blog.gitea.com/release-of-1.21.6/</url> >+ </references> >+ <dates> >+ <discovery>2024-02-23</discovery> >+ <entry>2024-02-24</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="6a851dc0-cfd2-11ee-ac09-6c3be5272acd"> > <topic>Grafana -- Email verification is not required after email change</topic> > <affects> >diff --git a/www/gitea/Makefile b/www/gitea/Makefile >index 874f8b301fc9..879ef454f767 100644 >--- a/www/gitea/Makefile >+++ b/www/gitea/Makefile >@@ -1,6 +1,6 @@ > PORTNAME= gitea > DISTVERSIONPREFIX= v >-DISTVERSION= 1.21.5 >+DISTVERSION= 1.21.6 > CATEGORIES= www > MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \ > https://dl.gitea.io/gitea/${DISTVERSION}/ >diff --git a/www/gitea/distinfo b/www/gitea/distinfo >index 3119d9bd8c5b..48ccef1670c6 100644 >--- a/www/gitea/distinfo >+++ b/www/gitea/distinfo >@@ -1,4 +1,3 @@ >-TIMESTAMP = 1707999597 >-SHA256 (gitea-src-1.21.5.tar.gz) = 567245e824acb1062cf3220a997bf160787609f2e2261b8ab6345da8a2101b1c >-SIZE (gitea-src-1.21.5.tar.gz) = 53857165 >- >+TIMESTAMP = 1708765589 >+SHA256 (gitea-src-1.21.6.tar.gz) = b62c568a98951ee81a713cc1bab7607e22e72b25430dca823e5cac8f60e85a38 >+SIZE (gitea-src-1.21.6.tar.gz) = 53877177
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=248713">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 277275
: 248713