Date: Fri, 22 Nov 2019 11:15:10 +0000 (UTC) From: Kai Knoblich <kai@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r518141 - head/security/vuxml Message-ID: <201911221115.xAMBFAAj095943@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kai Date: Fri Nov 22 11:15:09 2019 New Revision: 518141 URL: https://svnweb.freebsd.org/changeset/ports/518141 Log: security/vuxml: Document www/gitea issues PR: 241981 Submitted by: Nils Johannsen <nilsjohannsen@gmx.de> (based on) Approved by: stb@lassitu.de (maintainer) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Nov 22 10:50:38 2019 (r518140) +++ head/security/vuxml/vuln.xml Fri Nov 22 11:15:09 2019 (r518141) @@ -58,6 +58,39 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="b12a341a-0932-11ea-bf09-080027e0baa0"> + <topic>gitea -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.9.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Gitea Team reports:</p> + <blockquote cite="https://blog.gitea.io/2019/11/gitea-1.10.0-is-released/">; + <p>This release contains five security fixes, so we recommend updating:</p> + <ul> + <li>Fix issue with user.fullname</li> + <li>Ignore mentions for users with no access</li> + <li>Be more strict with git arguments</li> + <li>Extract the username and password from the mirror url</li> + <li>Reserve .well-known username</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://blog.gitea.io/2019/11/gitea-1.10.0-is-released/</url>; + <freebsdpr>ports/241981</freebsdpr> + </references> + <dates> + <discovery>2019-11-17</discovery> + <entry>2019-11-22</entry> + </dates> + </vuln> + <vuln vid="94c6951a-0d04-11ea-87ca-001999f8d30b"> <topic>asterisk -- Re-invite with T.38 and malformed SDP causes crash</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201911221115.xAMBFAAj095943>