diff options
| author | Adam Weinberger <adamw@FreeBSD.org> | 2020-03-07 18:31:08 +0000 |
|---|---|---|
| committer | Adam Weinberger <adamw@FreeBSD.org> | 2020-03-07 18:31:08 +0000 |
| commit | 3d22a415107a5b10acadced1403789f0f6296f60 (patch) | |
| tree | a8c19db6f1cd9667db4ea4fb14074c2a9af424e7 /security | |
| parent | 481a799f6b0c47292f33588b3392dabf9c9f707d (diff) | |
| download | ports-3d22a415107a5b10acadced1403789f0f6296f60.tar.gz ports-3d22a415107a5b10acadced1403789f0f6296f60.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d504d3e213e8..7bfe68f75f45 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,53 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="be088777-6085-11ea-8609-08002731610e"> + <topic>gitea -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.11.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Gitea Team reports for release 1.11.0:</p> + <blockquote cite="https://github.com/go-gitea/gitea/releases/tag/v1.11.0"> + <ul> + <li>Never allow an empty password to validate (#9682) (#9683)</li> + <li>Prevent redirect to Host (#9678) (#9679)</li> + <li>Swagger hide search field (#9554)</li> + <li>Add "search" to reserved usernames (#9063)</li> + <li>Switch to fomantic-ui (#9374)</li> + <li>Only serve attachments when linked to issue/release and if accessible by user (#9340)</li> + </ul> + </blockquote> + <p>The Gitea Team reports for release 1.11.2:</p> + <blockquote cite="https://github.com/go-gitea/gitea/releases/tag/v1.11.2"> + <ul> + <li>Ensure only own addresses are updated (#10397) (#10399)</li> + <li>Logout POST action (#10582) (#10585)</li> + <li>Org action fixes and form cleanup (#10512) (#10514)v + <li>Change action GETs to POST (#10462) (#10464)</li> + <li>Fix admin notices (#10480) (#10483)</li> + <li>Change admin dashboard to POST (#10465) (#10466)</li> + <li>Update markbates/goth (#10444) (#10445)</li> + <li>Update crypto vendors (#10385) (#10398)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/</url> + <url>https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/</url> + <freebsdpr>ports/244025</freebsdpr> + </references> + <dates> + <discovery>2019-11-18</discovery> + <entry>2020-03-07</entry> + </dates> + </vuln> + <vuln vid="8c98e643-6008-11ea-af63-38d547003487"> <topic>salt -- salt-api vulnerability</topic> <affects> |