"SECURITY Double check CloneURL is acceptable (#20869) (#20892) Add more checks in migration code (#21011) (#21050)" Not sure if these are actually vulnerability fixes or just hardening, but in any case we need a bump to 1.17.2.
cp gitea-1.17.1.ebuild gitea-1.17.2.ebuild works for me.
(In reply to Tomáš Mózes from comment #1) > cp gitea-1.17.1.ebuild gitea-1.17.2.ebuild works for me. Make a PR? :)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e172bd677fe11bb073517ac058b154c80b3abecf commit e172bd677fe11bb073517ac058b154c80b3abecf Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2022-09-28 08:49:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-09-29 02:16:02 +0000 www-apps/gitea: security bump to 1.17.2 Bug: https://bugs.gentoo.org/868996 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/27506 Signed-off-by: Sam James <sam@gentoo.org> www-apps/gitea/Manifest | 1 + www-apps/gitea/gitea-1.17.2.ebuild | 125 +++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be1363f08f70bea68c6a6d0129b6097e70d2be40 commit be1363f08f70bea68c6a6d0129b6097e70d2be40 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2022-09-29 09:23:53 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-09-29 13:52:52 +0000 www-apps/gitea: drop vulnerable Bug: https://bugs.gentoo.org/868996 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/27524 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-apps/gitea/Manifest | 3 - www-apps/gitea/gitea-1.16.7.ebuild | 118 ---------------------------------- www-apps/gitea/gitea-1.16.9.ebuild | 125 ------------------------------------- www-apps/gitea/gitea-1.17.1.ebuild | 125 ------------------------------------- 4 files changed, 371 deletions(-)
Thanks!
GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f72d6f5794d0d3c914ffacdf4c915fd8aac8d89 commit 3f72d6f5794d0d3c914ffacdf4c915fd8aac8d89 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:10:13 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:14 +0000 [ GLSA 202210-14 ] Gitea: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/848465 Bug: https://bugs.gentoo.org/857819 Bug: https://bugs.gentoo.org/868996 Bug: https://bugs.gentoo.org/877355 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-14.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+)
GLSA released, all done!