git: 19df0c241ebb - main - security/vuxml: Add www/forgejo < 8.0.3 and www/forgejo7 < 7.0.9
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 06 Sep 2024 20:54:23 UTC
The branch main has been updated by vvd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=19df0c241ebb0ce7da82308959ba920eca4290b5
commit 19df0c241ebb0ce7da82308959ba920eca4290b5
Author: Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-09-06 20:53:19 +0000
Commit: Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-09-06 20:53:19 +0000
security/vuxml: Add www/forgejo < 8.0.3 and www/forgejo7 < 7.0.9
PR: 281314
---
security/vuxml/vuln/2024.xml | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 91c412447f28..6045f3dc6798 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,36 @@
+ <vuln vid="a5e13973-6c75-11ef-858b-23eeba13701a">
+ <topic>forgejo -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>forgejo</name>
+ <range><lt>8.0.3</lt></range>
+ </package>
+ <package>
+ <name>forgejo7</name>
+ <range><lt>7.0.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <ul>
+ <li>Replace v-html with v-text in search inputbox</li>
+ <li>Upgrade webpack to v5.94.0 as a precaution to mitigate
+ CVE-2024-43788, although we were not yet able to confirm that this
+ can be exploited in Forgejo.</li>
+ </ul>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-43788</cvename>
+ <url>https://codeberg.org/forgejo/forgejo/milestone/8231</url>
+ </references>
+ <dates>
+ <discovery>2024-09-03</discovery>
+ <entry>2024-09-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="943f8915-6c5d-11ef-810a-f8b46a88f42c">
<topic> -- </topic>
<affects>