git: e8352eb7d977 - main - security/vuxml: Document Gitea multiple vulnerabilities
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 23 Dec 2022 08:38:49 UTC
The branch main has been updated by eduardo:
URL: https://cgit.FreeBSD.org/ports/commit/?id=e8352eb7d977a137398360dd7f207dce6f6672e1
commit e8352eb7d977a137398360dd7f207dce6f6672e1
Author: Stefan Bethke <stb@lassitu.de>
AuthorDate: 2022-12-23 08:33:48 +0000
Commit: Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-12-23 08:38:15 +0000
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268512
---
security/vuxml/vuln/2022.xml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
index d2706096bc05..0e3c590c0e3e 100644
--- a/security/vuxml/vuln/2022.xml
+++ b/security/vuxml/vuln/2022.xml
@@ -1,3 +1,31 @@
+ <vuln vid="d0da046a-81e6-11ed-96ca-0800277bb8a8">
+ <topic>gitea -- multiple issues</topic>
+ <affects>
+ <package>
+ <name>gitea</name>
+ <range><lt>1.17.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Gitea team reports:</p>
+ <blockquote cite="https://github.com/go-gitea/gitea/pull/21849">
+ <p>Do not allow Ghost access to limited visible user/org</p>
+ </blockquote>
+ <blockquote cite="https://github.com/go-gitea/gitea/pull/21580">
+ <p>Fix package access for admins and inactive users</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/go-gitea/gitea/releases/tag/v1.17.4</url>
+ </references>
+ <dates>
+ <discovery>2022-10-24</discovery>
+ <entry>2022-12-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d9e154c9-7de9-11ed-adca-080027d3a315">
<topic>typo3 -- multiple vulnerabilities</topic>
<affects>