Description: "An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another."
Patch: https://github.com/go-gitea/gitea/pull/11438 @maintainer(s), please apply provided patch if it seems appropriate.
Upstream released version 1.11.6[1]: "SECURITY Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683) Use session for retrieving org teams (#11438) (#11439) " [1] https://github.com/go-gitea/gitea/releases/tag/v1.11.6 My locally bumped ebuild from the main tree works fine on my host.
Thanks. Remember to include Bug: tags in commits so we can see when things get fixed.