Date: Fri, 4 Dec 2020 16:56:32 +0000 (UTC) From: Adam Weinberger <adamw@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r556988 - head/security/vuxml Message-ID: <202012041656.0B4GuW0O003895@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: adamw Date: Fri Dec 4 16:56:31 2020 New Revision: 556988 URL: https://svnweb.freebsd.org/changeset/ports/556988 Log: security/vuxml: Add entry for gitea < 1.13.0 PR: 251577 Submitted by: maintainer Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Dec 4 16:56:01 2020 (r556987) +++ head/security/vuxml/vuln.xml Fri Dec 4 16:56:31 2020 (r556988) @@ -58,6 +58,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b99492b2-362b-11eb-9f86-08002734b9ed"> + <topic>gitea -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.13.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Gitea Team reports for release 1.13.0:</p> + <blockquote cite="https://blog.gitea.io/2020/12/gitea-1.13.0-is-released/"> + <ul> + <li>Add Allow-/Block-List for Migrate & Mirrors</li> + <li>Prevent git operations for inactive users</li> + <li>Disallow urlencoded new lines in git protocol paths if there is a port</li> + <li>Mitigate Security vulnerability in the git hook feature</li> + <li>Disable DSA ssh keys by default </li> + <li>Set TLS minimum version to 1.2</li> + <li>Use argon as default password hash algorithm</li> + <li>Escape failed highlighted files</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.0</url> + <freebsdpr>ports/251577</freebsdpr> + </references> + <dates> + <discovery>2020-12-01</discovery> + <entry>2020-12-04</entry> + </dates> + </vuln> + <vuln vid="e2748c9d-3483-11eb-b87a-901b0ef719ab"> <topic>FreeBSD -- Multiple vulnerabilities in rtsold</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012041656.0B4GuW0O003895>