Summary: | <www-apps/gitea-1.16.9: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | contact, hydrapolic, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/go-gitea/gitea/releases/tag/v1.16.9 | ||
See Also: | https://github.com/gentoo/gentoo/pull/26516 | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 861944 | ||
Bug Blocks: |
Description
John Helmert III
2022-07-12 21:54:12 UTC
*** Bug 858803 has been marked as a duplicate of this bug. ***

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79c2317ae6ecfb838ebcaafc5783ad66aac32d3c

commit 79c2317ae6ecfb838ebcaafc5783ad66aac32d3c
Author: Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-07-22 10:56:19 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-07-23 09:13:32 +0000

www-apps/gitea: security bump to 1.16.9, drop vulnerable

Bug: https://bugs.gentoo.org/857819
Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/26516
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

www-apps/gitea/Manifest | 2 +-
www-apps/gitea/{gitea-1.16.8.ebuild => gitea-1.16.9.ebuild} | 0
2 files changed, 1 insertion(+), 1 deletion(-)

Thanks! Please stable when ready

(In reply to John Helmert III from comment #0)
> "* SECURITY
> * Add write check for creating Commit status
> (https://github.com/go-gitea/gitea/pull/20332)
> (https://github.com/go-gitea/gitea/pull/20334)
> * Check for permission when fetching user controlled issues
> (https://github.com/go-gitea/gitea/pull/20133)
> (https://github.com/go-gitea/gitea/pull/20196)"
>
> Please bump to 1.16.9.

The second issue seems to have been assigned CVE-2022-38183.

Minimal impact, no glsa.

We've got a bunch of Gitea bugs so we'll GLSA them all together.

GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f72d6f5794d0d3c914ffacdf4c915fd8aac8d89

commit 3f72d6f5794d0d3c914ffacdf4c915fd8aac8d89
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:10:13 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:14 +0000

[ GLSA 202210-14 ] Gitea: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/848465
Bug: https://bugs.gentoo.org/857819
Bug: https://bugs.gentoo.org/868996
Bug: https://bugs.gentoo.org/877355
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202210-14.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)

GLSA released, all done!