Date: Mon, 17 Jul 2023 13:07:25 GMT From: =?utf-8?Q?Fernando=20Apestegu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 878a79c79f8d - main - security/vuxml: record www/gitea vulnerabilities Message-ID: <202307171307.36HD7PXt016207@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=878a79c79f8dadaa2f3b2fd38dd8fbaebe80a5f4 commit 878a79c79f8dadaa2f3b2fd38dd8fbaebe80a5f4 Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2023-07-17 06:58:44 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2023-07-17 13:07:12 +0000 security/vuxml: record www/gitea vulnerabilities * Test if container blob is accessible before mounting * Set type="password" on all auth_token fields PR: 272538 --- security/vuxml/vuln/2023.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index aa6f016e3156..9933364b3f5f 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,36 @@ + <vuln vid="b3f77aae-241c-11ee-9684-c11c23f7b0f9"> + <topic>gitea -- multiple issues</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.20.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Gitea team reports:</p> + <blockquote cite="https://github.com/go-gitea/gitea/pull/22759">; + <p>Test if container blob is accessible before mounting.</p> + </blockquote> + <blockquote cite="https://github.com/go-gitea/gitea/pull/22175">; + <p>Set type="password" on all auth_token fields</p> + <p>Seen when migrating from other hosting platforms.</p> + <p>Prevents exposing the token to screen capture/cameras/eyeballs.</p> + <p>Prevents the browser from saving the value in its autocomplete + dictionary, which often is not secure.</p> + </blockquote> + </body> + </description> + <references> + <url>https://blog.gitea.com/release-of-1.20.0</url>; + <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.0</url>; + </references> + <dates> + <discovery>2023-06-08</discovery> + <entry>2023-07-05</entry> + </dates> + </vuln> + <vuln vid="41c60e16-2405-11ee-a0d1-84a93843eb75"> <topic>OpenSSL -- AES-SIV implementation ignores empty associated data entries</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202307171307.36HD7PXt016207>