"* SECURITY * Add write check for creating Commit status (https://github.com/go-gitea/gitea/pull/20332) (https://github.com/go-gitea/gitea/pull/20334) * Check for permission when fetching user controlled issues (https://github.com/go-gitea/gitea/pull/20133) (https://github.com/go-gitea/gitea/pull/20196)" Please bump to 1.16.9.
*** Bug 858803 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79c2317ae6ecfb838ebcaafc5783ad66aac32d3c commit 79c2317ae6ecfb838ebcaafc5783ad66aac32d3c Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2022-07-22 10:56:19 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-07-23 09:13:32 +0000 www-apps/gitea: security bump to 1.16.9, drop vulnerable Bug: https://bugs.gentoo.org/857819 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/26516 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-apps/gitea/Manifest | 2 +- www-apps/gitea/{gitea-1.16.8.ebuild => gitea-1.16.9.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
Thanks! Please stable when ready
(In reply to John Helmert III from comment #0) > "* SECURITY > * Add write check for creating Commit status > (https://github.com/go-gitea/gitea/pull/20332) > (https://github.com/go-gitea/gitea/pull/20334) > * Check for permission when fetching user controlled issues > (https://github.com/go-gitea/gitea/pull/20133) > (https://github.com/go-gitea/gitea/pull/20196)" > > Please bump to 1.16.9. The second issue seems to have been assigned CVE-2022-38183.
Minimal impact, no glsa.
We've got a bunch of Gitea bugs so we'll GLSA them all together.
GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f72d6f5794d0d3c914ffacdf4c915fd8aac8d89 commit 3f72d6f5794d0d3c914ffacdf4c915fd8aac8d89 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:10:13 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:14 +0000 [ GLSA 202210-14 ] Gitea: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/848465 Bug: https://bugs.gentoo.org/857819 Bug: https://bugs.gentoo.org/868996 Bug: https://bugs.gentoo.org/877355 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-14.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+)
GLSA released, all done!