Date: Mon, 28 Aug 2023 15:17:15 GMT
From: Li-Wen Hsu <lwhsu@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: c9de928254bd - main - security/vuxml: Document gitea -- information disclosure
Message-ID: <202308281517.37SFHFlt045714@gitrepo.freebsd.org>
The branch main has been updated by lwhsu: URL: https://cgit.FreeBSD.org/ports/commit/?id=c9de928254bda56201e2b60055d135c35067eba7 commit c9de928254bda56201e2b60055d135c35067eba7 Author: Stefan Bethke <stb@lassitu.de> AuthorDate: 2023-08-28 15:13:51 +0000 Commit: Li-Wen Hsu <lwhsu@FreeBSD.org> CommitDate: 2023-08-28 15:17:02 +0000 security/vuxml: Document gitea -- information disclosure PR: 273379 --- security/vuxml/vuln/2023.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 0173656d4737..26331c341905 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,33 @@ + <vuln vid="36a37c92-44b1-11ee-b091-6162c1274384"> + <topic>gitea -- information disclosure</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.20.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Gitea team reports:</p> + <blockquote cite="https://github.com/go-gitea/gitea/pull/25097"> + <p>Fix API leaking Usermail if not logged in</p> + <p>The API should only return the real Mail of a User, if the + caller is logged in. The check do to this don't work. This PR + fixes this. This not really a security issue, but can lead to + Spam.</p> + </blockquote> + </body> + </description> + <references> + <url>https://blog.gitea.com/release-of-1.20.3</url> + <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.3</url> + </references> + <dates> + <discovery>2023-06-06</discovery> + <entry>2023-08-27</entry> + </dates> + </vuln> + <vuln vid="5fa332b9-4269-11ee-8290-a8a1599412c6"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
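Review bot: the new entry's `<references>` block omits the pull request that the `<blockquote cite=...>` quotes from, so the fix itself is reachable only through the cite attribute; consider adding `<url>https://github.com/go-gitea/gitea/pull/25097</url>` alongside the blog and release-tag URLs. The `<entry>` date of 2023-08-27 is also one day earlier than the AuthorDate and CommitDate (2023-08-28) shown in the commit header; if the entry date is meant to record when the entry landed in the tree, it should read 2023-08-28.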