FreeBSD Bugzilla – Attachment 253381 Details for
Bug 281314
www/forgejo: update to 8.0.3 (fixes security vulnerability)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to update the port to 8.0.3 plus vuxml entry
forgejo-8.0.3.patch (text/plain), 2.02 KB, created by
Stefan Bethke
on 2024-09-06 17:33:27 UTC
(
hide
)
Description:
patch to update the port to 8.0.3 plus vuxml entry
Filename:
MIME Type:
Creator:
Stefan Bethke
Created:
2024-09-06 17:33:27 UTC
Size:
2.02 KB
patch
obsolete
>diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml >index 91c412447f28..0690394b4fff 100644 >--- a/security/vuxml/vuln/2024.xml >+++ b/security/vuxml/vuln/2024.xml >@@ -1,3 +1,31 @@ >+ <vuln vid="a5e13973-6c75-11ef-858b-23eeba13701a"> >+ <topic>forgejo -- multiple issues</topic> >+ <affects> >+ <package> >+ <name>forgejo</name> >+ <range><lt>8.0.3</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <h1>Problem Description:</h1> >+ <ul> >+ <li>Replace v-html with v-text in search inputbox</li> >+ <li>Upgrade webpack to v5.94.0 as a precaution to mitigate >+ CVE-2024-43788, although we were not yet able to confirm that this >+ can be exploited in Forgejo.</li> >+ </ul> >+ </body> >+ </description> >+ <references> >+ <url>https://codeberg.org/forgejo/forgejo/milestone/8231</url> >+ </references> >+ <dates> >+ <discovery>2024-09-03</discovery> >+ <entry>2024-09-06</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="943f8915-6c5d-11ef-810a-f8b46a88f42c"> > <topic> -- </topic> > <affects> >diff --git a/www/forgejo/Makefile b/www/forgejo/Makefile >index a23e09ec68d9..92d8a0476152 100644 >--- a/www/forgejo/Makefile >+++ b/www/forgejo/Makefile >@@ -1,6 +1,6 @@ > PORTNAME= forgejo > DISTVERSIONPREFIX= v >-DISTVERSION= 8.0.2 >+DISTVERSION= 8.0.3 > CATEGORIES= www > MASTER_SITES= https://codeberg.org/forgejo/forgejo/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ > DISTNAME= forgejo-src-${DISTVERSION} >diff --git a/www/forgejo/distinfo b/www/forgejo/distinfo >index 029c0eec019a..625faaffabab 100644 >--- a/www/forgejo/distinfo >+++ b/www/forgejo/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1725002785 >-SHA256 (forgejo-src-8.0.2.tar.gz) = 36929dbc206753f80766ea59b35adaf3cb28ed53fc89ac8640271f8766673546 >-SIZE (forgejo-src-8.0.2.tar.gz) = 53459258 >+TIMESTAMP = 1725643658 >+SHA256 (forgejo-src-8.0.3.tar.gz) = b543532cf01453967c331063639b172600cccd62d815e6815a4f05a25a0b0795 >+SIZE (forgejo-src-8.0.3.tar.gz) = 53477625
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=253381">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
stb
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 281314
: 253381