Attachment #212220 for bug #244025

View | Details | Raw Unified | Return to bug 244025 | Differences between
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="be088777-6085-11ea-8609-08002731610e">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.11.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.11.0:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/releases/tag/v1.11.0">
	  <ul>
            <li>Never allow an empty password to validate (#9682) (#9683)</li>
            <li>Prevent redirect to Host (#9678) (#9679)</li>
            <li>Swagger hide search field (#9554)</li>
            <li>Add "search" to reserved usernames (#9063)</li>
            <li>Switch to fomantic-ui (#9374)</li>
            <li>Only serve attachments when linked to issue/release and if accessible by user (#9340)</li>
	  </ul>
	</blockquote>
	<p>The Gitea Team reports for release 1.11.2:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/releases/tag/v1.11.2">
	  <ul>
            <li>Ensure only own addresses are updated (#10397) (#10399)</li>
            <li>Logout POST action (#10582) (#10585)</li>
            <li>Org action fixes and form cleanup (#10512) (#10514)v
            <li>Change action GETs to POST (#10462) (#10464)</li>
            <li>Fix admin notices (#10480) (#10483)</li>
            <li>Change admin dashboard to POST (#10465) (#10466)</li>
            <li>Update markbates/goth (#10444) (#10445)</li>
            <li>Update crypto vendors (#10385) (#10398)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/</url>
      <url>https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/</url>
      <freebsdpr>ports/244025</freebsdpr>
    </references>
    <dates>
      <discovery>2019-11-18</discovery>
      <entry>2020-03-07</entry>
    </dates>
  </vuln>

  <vuln vid="8c98e643-6008-11ea-af63-38d547003487">
    <topic>salt -- salt-api vulnerability</topic>
    <affects>

Return to bug 244025

Lines 58-63 Link Here

(-)vuln.xml (+47 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="be088777-6085-11ea-8609-08002731610e">
		62	<topic>gitea -- multiple vulnerabilities</topic>
		63	<affects>
		64	<package>
		65	<name>gitea</name>
		66	<range><lt>1.11.2</lt></range>
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<p>The Gitea Team reports for release 1.11.0:</p>
		72	<blockquote cite="https://github.com/go-gitea/gitea/releases/tag/v1.11.0">
		73	<ul>
		74	<li>Never allow an empty password to validate (#9682) (#9683)</li>
		75	<li>Prevent redirect to Host (#9678) (#9679)</li>
		76	<li>Swagger hide search field (#9554)</li>
		77	<li>Add "search" to reserved usernames (#9063)</li>
		78	<li>Switch to fomantic-ui (#9374)</li>
		79	<li>Only serve attachments when linked to issue/release and if accessible by user (#9340)</li>
		80	</ul>
		81	</blockquote>
		82	<p>The Gitea Team reports for release 1.11.2:</p>
		83	<blockquote cite="https://github.com/go-gitea/gitea/releases/tag/v1.11.2">
		84	<ul>
		85	<li>Ensure only own addresses are updated (#10397) (#10399)</li>
		86	<li>Logout POST action (#10582) (#10585)</li>
		87	<li>Org action fixes and form cleanup (#10512) (#10514)v
		88	<li>Change action GETs to POST (#10462) (#10464)</li>
		89	<li>Fix admin notices (#10480) (#10483)</li>
		90	<li>Change admin dashboard to POST (#10465) (#10466)</li>
		91	<li>Update markbates/goth (#10444) (#10445)</li>
		92	<li>Update crypto vendors (#10385) (#10398)</li>
		93	</ul>
		94	</blockquote>
		95	</body>
		96	</description>
		97	<references>
		98	<url>https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/</url>
		99	<url>https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/</url>
		100	<freebsdpr>ports/244025</freebsdpr>
		101	</references>
		102	<dates>
		103	<discovery>2019-11-18</discovery>
		104	<entry>2020-03-07</entry>
		105	</dates>
		106	</vuln>
		107
61	<vuln vid="8c98e643-6008-11ea-af63-38d547003487">	108	<vuln vid="8c98e643-6008-11ea-af63-38d547003487">
62	<topic>salt -- salt-api vulnerability</topic>	109	<topic>salt -- salt-api vulnerability</topic>
63	<affects>	110	<affects>