Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 835932 (CVE-2022-1058)

Summary: <www-apps/gitea-1.16.5: open redirect on login
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: alarig, maintainer-needed
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d
See Also: https://github.com/gentoo/gentoo/pull/24741
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-24 16:38:59 UTC 
CVE-2022-1058 (https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48):

Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.

This also fixed several other security issues, from the changelog:

"Prevent redirect to Host (2) (#19175) (#19186)
Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
Clean paths when looking in Storage (#19124) (#19179)
Do not send notification emails to inactive users (#19131) (#19139)
Do not send activation email if manual confirm is set (#19119) (#19122)"
Comment 1 Larry the Git Cow gentoo-dev 2022-03-25 19:25:49 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99b860baf770849dc16cb7e2b58d346144f129d7

commit 99b860baf770849dc16cb7e2b58d346144f129d7
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-03-25 07:23:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-25 19:25:35 +0000

    www-apps/gitea: security bump to 1.16.5
    
    Bug: https://bugs.gentoo.org/835932
    Closes: https://bugs.gentoo.org/835376
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/gitea/Manifest            |   1 +
 www-apps/gitea/gitea-1.16.5.ebuild | 107 +++++++++++++++++++++++++++++++++++++
 2 files changed, 108 insertions(+)