Bug 889010

Summary:	<www-apps/gitea-1.18.0: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	ajak, dlan, i, maintainer-needed, proxy-maint
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/go-gitea/gitea/releases/tag/v1.18.0
Whiteboard:	B4 [glsa?]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2022-12-30 18:12:42 UTC

"* SECURITY
  * Remove ReverseProxy authentication from the API (#22219) (#22251)
  * Support Go Vulnerability Management (#21139)
  * Forbid HTML string tooltips (#20935)"

Needs bump to 1.18.0. Not sure if any of this really deserves a CVE.

Comment 1 jon R-B 2022-12-31 16:15:02 UTC

https://github.com/gentoo/gentoo/pull/28904

Comment 2 Larry the Git Cow gentoo-dev

2022-12-31 19:25:22 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad1005791827a64477d8577281c409abcdbe479d

commit ad1005791827a64477d8577281c409abcdbe479d
Author:     JonRB <jon.roadleybattin@gmail.com>
AuthorDate: 2022-12-30 22:53:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-31 19:25:08 +0000

    www-apps/gitea: add 1.18.0
    
    Bug: https://bugs.gentoo.org/889010
    Signed-off-by: JonRB <jon.roadleybattin@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/28904
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/gitea/Manifest            |   1 +
 www-apps/gitea/gitea-1.18.0.ebuild | 125 +++++++++++++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)

Comment 3 Hans de Graaff gentoo-dev

2023-10-14 07:46:49 UTC

commit 77065d781482e0e4638458bbf3d4dba686edf9f9
Author: John Helmert III <ajak@gentoo.org>
Date:   Fri Jan 27 21:43:54 2023 -0600

    www-apps/gitea: drop 1.17.4, 1.18.0

Comment 4 John Helmert III archtester

2024-02-19 06:29:45 UTC

Definitely didn't mean to assign myself...

All done.