Attachment 197970 Details for Bug 232123 – patch to vixml to document the fixed vulnerability

[patch] patch to vixml to document the fixed vulnerability

vuxml-gitea-1.5.2.patch (text/plain), 1.26 KB, created by Stefan Bethke on 2018-10-09 16:59:49 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Bethke

Created: 2018-10-09 16:59:49 UTC

Size: 1.26 KB

patch

obsolete

>Index: vuln.xml
>===================================================================
>--- vuln.xml	(revision 481640)
>+++ vuln.xml	(working copy)
>@@ -58,6 +58,33 @@
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="80a53253-cbe3-11e8-9ffb-080027f43a02">
>+ <topic>Missing authentication checks - unauthorized clients can invoke protected API calls</topic>
>+ <affects>
>+ <package>
>+	<name>gitea</name>
>+	<range><lt>1.5.2</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	The Gitea project reports:
>+	<blockquote cite="https://github.com/go-gitea/gitea/issues/4357">
>+	 [Security] CSRF Vulnerability on API #4357
>+	 A fix has been implemented in Gitea 1.5.2.
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <url>https://github.com/go-gitea/gitea/issues/4357</url>
>+ <url>https://github.com/go-gitea/gitea/pull/4840</url>
>+ </references>
>+ <dates>
>+ <discovery>2018-07-03</discovery>
>+ <entry>2018-10-09</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="23413442-c8ea-11e8-b35c-001b217b3468">
> <topic>Gitlab -- multiple vulnerabilities</topic>
> <affects>

Actions: View | Diff

Attachments on bug 232123: 197969 | 197970