Summary: | <www-apps/gitea-1.11.6: Denial of service via repo organisation transfer (CVE-2020-13246) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | nemunaire, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/go-gitea/gitea/issues/10549 | ||
Whiteboard: | ~3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-05-20 19:55:14 UTC
Patch: https://github.com/go-gitea/gitea/pull/11438

@maintainer(s), please apply provided patch if it seems appropriate.

Upstream released version 1.11.6[1]:

"SECURITY
Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)
Use session for retrieving org teams (#11438) (#11439)"

[1] https://github.com/go-gitea/gitea/releases/tag/v1.11.6

My locally bumped ebuild from the main tree works fine on my host. Thanks.

Remember to include Bug: tags in commits so we can see when things get fixed.