Gitea 1.12.4 has security fixes: <https://github.com/go-gitea/gitea/releases/tag/v1.12.4>. Reproducible: Didn't try
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fcb8067530b2a251c7f2545fd79ef778a586b4d commit 1fcb8067530b2a251c7f2545fd79ef778a586b4d Author: Ronny (tastytea) Gutbrod <gentoo@tastytea.de> AuthorDate: 2020-08-25 00:24:36 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-10-07 17:01:26 +0000 www-apps/gitea: Version bump 1.12.4. Closes: https://bugs.gentoo.org/740258 Signed-off-by: Ronny (tastytea) Gutbrod <gentoo@tastytea.de> Closes: https://github.com/gentoo/gentoo/pull/17255 Signed-off-by: Sam James <sam@gentoo.org> www-apps/gitea/Manifest | 1 + www-apps/gitea/gitea-1.12.4.ebuild | 135 +++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+)
Quote from changelog: Escape provider name in oauth2 provider redirect (12648) (12650) Escape Email on password reset page (12610) (12612) When reading expired sessions - expire them (12686) (12690) --- Remember to use the Bug: tag for security bugs :)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df96fef945554f132bbc007be470bc2607e1ed4c commit df96fef945554f132bbc007be470bc2607e1ed4c Author: Sam James <sam@gentoo.org> AuthorDate: 2020-10-07 19:06:20 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-10-07 19:06:36 +0000 www-apps/gitea: security cleanup Closes: https://bugs.gentoo.org/740258 Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: Sam James <sam@gentoo.org> www-apps/gitea/Manifest | 1 - www-apps/gitea/gitea-1.12.1.ebuild | 126 ------------------------------------- 2 files changed, 127 deletions(-)