Date: Wed, 19 Jun 2024 06:37:45 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 279781] www/forgejo: update to 7.0.4 (fixes security vulnerabilities) Message-ID: <bug-279781-7788-V1qerYTBCR@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-279781-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-279781-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279781 --- Comment #2 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3Dbe43fb2830c94e23e0d9aa49ef9b982= b0ab31e2c commit be43fb2830c94e23e0d9aa49ef9b982b0ab31e2c Author: Stefan Bethke <stb@lassitu.de> AuthorDate: 2024-06-17 17:16:10 +0000 Commit: Fernando Apestegu=C3=ADa <fernape@FreeBSD.org> CommitDate: 2024-06-19 06:37:17 +0000 www/forgejo: update to 7.0.4 (fixes security vulnerabilities) CVE-2024-24789: the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. PR: 279781 Reported by: stb@lassitu.de (maintainer) MFH: 2024Q2 Security: CVE-2024-24789 www/forgejo/Makefile | 3 +-- www/forgejo/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-279781-7788-V1qerYTBCR>