CVE-2022-1058 (https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48): Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. This also fixed several other security issues, from the changelog: "Prevent redirect to Host (2) (#19175) (#19186) Try to prevent autolinking of displaynames by email readers (#19169) (#19183) Clean paths when looking in Storage (#19124) (#19179) Do not send notification emails to inactive users (#19131) (#19139) Do not send activation email if manual confirm is set (#19119) (#19122)"
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99b860baf770849dc16cb7e2b58d346144f129d7 commit 99b860baf770849dc16cb7e2b58d346144f129d7 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2022-03-25 07:23:58 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-25 19:25:35 +0000 www-apps/gitea: security bump to 1.16.5 Bug: https://bugs.gentoo.org/835932 Closes: https://bugs.gentoo.org/835376 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> www-apps/gitea/Manifest | 1 + www-apps/gitea/gitea-1.16.5.ebuild | 107 +++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+)
Cleanup done in https://github.com/gentoo/gentoo/commit/16285c7de71d0281f3e7d26c7c545eff322a21fe.
