Bug 754948

Summary:	<www-apps/gitea-1.12.6: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	nemunaire, proxy-maint
Priority:	Normal	Keywords:	PullRequest
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://github.com/gentoo/gentoo/pull/18355
Whiteboard:	~3 [noglsa]
Package list:		Runtime testing required:	---
Bug Depends on:	750686
Bug Blocks:

Description Sam James archtester

2020-11-16 18:48:54 UTC

"SECURITY
Prevent git operations for inactive users (#13527) (#13537)
Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)"

https://github.com/go-gitea/gitea/pull/13527
https://github.com/go-gitea/gitea/pull/13537
https://github.com/go-gitea/gitea/pull/13521
https://github.com/go-gitea/gitea/pull/13525

Comment 1 Sam James archtester

2020-11-16 18:49:18 UTC

Please bump.

Comment 2 Larry the Git Cow gentoo-dev

2020-11-24 13:26:21 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d086d664a10d291ee5a822fb98e79f21093567e5

commit d086d664a10d291ee5a822fb98e79f21093567e5
Author:     Ronny (tastytea) Gutbrod <gentoo@tastytea.de>
AuthorDate: 2020-11-22 03:42:25 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-11-24 13:26:08 +0000

    www-apps/gitea: Version bump 1.12.6.
    
    Bug: https://bugs.gentoo.org/754948
    
    Signed-off-by: Ronny (tastytea) Gutbrod <gentoo@tastytea.de>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-apps/gitea/Manifest            |   1 +
 www-apps/gitea/gitea-1.12.6.ebuild | 135 +++++++++++++++++++++++++++++++++++++
 2 files changed, 136 insertions(+)

Comment 3 Sam James archtester

2020-11-24 15:01:37 UTC

Tree is clean, all done, thanks!