[Bug 279781] www/forgejo: update to 7.0.4 (fixes security vulnerabilities)

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 19 Jun 2024 06:37:45 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279781

--- Comment #2 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=be43fb2830c94e23e0d9aa49ef9b982b0ab31e2c

commit be43fb2830c94e23e0d9aa49ef9b982b0ab31e2c
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-06-17 17:16:10 +0000
Commit:     Fernando ApesteguĂ­a <fernape@FreeBSD.org>
CommitDate: 2024-06-19 06:37:17 +0000

    www/forgejo: update to 7.0.4 (fixes security vulnerabilities)

    CVE-2024-24789: the archive/zip package's handling of certain types of
invalid
    zip files differs from the behavior of most zip implementations. This
    misalignment could be exploited to create an zip file with contents that
vary
    depending on the implementation reading the file.

    PR:             279781
    Reported by:    stb@lassitu.de (maintainer)
    MFH:            2024Q2
    Security:       CVE-2024-24789

 www/forgejo/Makefile | 3 +--
 www/forgejo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.