git: 44f68d063324 - main - security/vuxml: add records for www/gitea < 1.22.6
Date: Wed, 18 Dec 2024 00:08:14 UTC
The branch main has been updated by vvd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=44f68d0633246aad002b7fad7e00041c8226d66b
commit 44f68d0633246aad002b7fad7e00041c8226d66b
Author: Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-12-18 00:04:58 +0000
Commit: Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-12-18 00:04:58 +0000
security/vuxml: add records for www/gitea < 1.22.6
https://github.com/go-gitea/gitea/pull/32810
https://github.com/advisories/GHSA-v778-237x-gjrc
https://github.com/go-gitea/gitea/pull/32791
https://github.com/go-gitea/gitea/pull/32654
https://github.com/go-gitea/gitea/pull/32531
https://github.com/go-gitea/gitea/pull/32473
PR: 283389
---
security/vuxml/vuln/2024.xml | 81 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 96c33141d418..df792ef7fec6 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,84 @@
+ <vuln vid="38e6f778-bca3-11ef-8926-9b4f2d14eb53">
+ <topic>gitea -- Fix misuse of PublicKeyCallback</topic>
+ <affects>
+ <package>
+ <name>gitea</name>
+ <range><lt>1.22.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <ul>
+ <li>Misuse of ServerConfig.PublicKeyCallback may cause authorization
+ bypass in golang.org/x/crypto</li>
+ </ul>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/go-gitea/gitea/pull/32810</url>
+ <url>https://github.com/advisories/GHSA-v778-237x-gjrc</url>
+ </references>
+ <dates>
+ <discovery>2024-12-12</discovery>
+ <entry>2024-12-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="453cd84e-bca4-11ef-8926-9b4f2d14eb53">
+ <topic>gitea -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitea</name>
+ <range><lt>1.22.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <ul>
+ <li>Fix delete branch perm checking</li>
+ <li>Upgrade crypto library</li>
+ </ul>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/go-gitea/gitea/pull/32791</url>
+ <url>https://github.com/go-gitea/gitea/pull/32654</url>
+ </references>
+ <dates>
+ <discovery>2024-11-27</discovery>
+ <entry>2024-12-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6ea20f0c-bca3-11ef-8926-9b4f2d14eb53">
+ <topic>gitea -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitea</name>
+ <range><lt>1.22.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <ul>
+ <li>Fix basic auth with webauthn</li>
+ <li>Refactor internal routers (partial backport, auth token const time comparing)</li>
+ </ul>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/go-gitea/gitea/pull/32531</url>
+ <url>https://github.com/go-gitea/gitea/pull/32473</url>
+ </references>
+ <dates>
+ <discovery>2024-11-16</discovery>
+ <entry>2024-12-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5ca064a6-bca1-11ef-8926-9b4f2d14eb53">
<topic>forgejo -- multiple vulnerabilities</topic>
<affects>
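Review bot: The three new records describe the upstream fix rather than the flaw, both in the first record's `<topic>gitea -- Fix misuse of PublicKeyCallback</topic>` and in list items such as `<li>Fix delete branch perm checking</li>` and `<li>Upgrade crypto library</li>`, so an operator reading a `pkg audit` hit cannot tell what is exposed or how urgent the upgrade is. The first record's own description already names the impact, so its topic could read `<topic>gitea -- authorization bypass through misuse of ServerConfig.PublicKeyCallback</topic>`. For the 1.22.5 and 1.22.4 records the impact would have to be taken from the linked pull requests; in particular "Upgrade crypto library" does not say which flaw it addresses. The first record also cites a GHSA advisory but has no `<cvename>`; if a CVE ID is assigned, adding `<cvename>CVE-YYYY-NNNNN</cvename>` (placeholder, to be filled from the advisory) under `<references>` lets CVE-keyed tooling match the entry.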