Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 887825 - <www-apps/gitea-1.17.4: multiple vulnerabilities
Summary: <www-apps/gitea-1.17.4: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/go-gitea/gitea/rel...
Whiteboard: B4 [glsa+]
Keywords: PullRequest
Depends on: 888491
Blocks:
  Show dependency tree
 
Reported: 2022-12-22 03:49 UTC by John Helmert III
Modified: 2023-12-23 09:41 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-22 03:49:47 UTC
From url:
"  * Do not allow Ghost access to limited visible user/org (#21849) (#21875)
  * Fix package access for admins and inactive users (#21580) (#21592)"

Needs bump to 1.17.4.
Comment 1 Larry the Git Cow gentoo-dev 2022-12-24 07:18:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df52d7abfdff68ab13bc44c6cffaeb209fd79e0f

commit df52d7abfdff68ab13bc44c6cffaeb209fd79e0f
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-12-22 04:31:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-24 07:17:06 +0000

    www-apps/gitea: add 1.17.4
    
    Bug: https://bugs.gentoo.org/887825
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/28753
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/gitea/Manifest            |   1 +
 www-apps/gitea/gitea-1.17.4.ebuild | 125 +++++++++++++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-12-27 01:31:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfd24d02447979c78904f455195713317f662bde

commit dfd24d02447979c78904f455195713317f662bde
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-26 20:31:12 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-27 01:31:24 +0000

    www-apps/gitea: drop 1.17.3
    
    Bug: https://bugs.gentoo.org/887825
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 www-apps/gitea/Manifest            |   1 -
 www-apps/gitea/gitea-1.17.3.ebuild | 125 -------------------------------------
 2 files changed, 126 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-12-23 09:40:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=78c91985a976aea4687d6ddfc98944f32f41ef48

commit 78c91985a976aea4687d6ddfc98944f32f41ef48
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-23 09:39:06 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-23 09:39:49 +0000

    [ GLSA 202312-13 ] Gitea: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/887825
    Bug: https://bugs.gentoo.org/891983
    Bug: https://bugs.gentoo.org/905886
    Bug: https://bugs.gentoo.org/918674
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-13.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)