From nobody Wed Jun 19 06:37:45 2024 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W3v7Y2dhgz5P3Bm for ; Wed, 19 Jun 2024 06:37:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W3v7X6bClz3xhx for ; Wed, 19 Jun 2024 06:37:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1718779064; a=rsa-sha256; cv=none; b=B6q1LSmzstNBCZSjIeqagJeJInPOt/JFvgcAephoE3xv3rRXyQB/4OrGJ4HXtbxvlLi7KR 79B0OQK2C/LJ+eVbLVocEhkSzpEQCxEQLdf//cFR1rrwE+NDXs4VmZ3cSev8vk5I9Fsp2+ 6cA0XncHT/j9hyauTDrNulKDt6LKx2IJExOdSDXbZn+qSSEXbDgnpY33eNvJD/tSwLIvYi VgPS7fiOPv5T0NqxySqFHjoj0FIVnafrWgtqU3xXIKVHPo3jrazbk0RDm8Mp1bE7H4FaRQ VYk0NchodEP/z8Rp1/ap06XPZDtDYdphrYJp52Od3UqByAmcC0C4xuP13wUnNg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718779064; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2Qj6KhhyflRrMDVOK5OEqyC5ycoltjkcbtrtLQlxmPg=; b=j0DpUKqG5HBCkWZQG4eeoZk+jjaSTh76VAjenQK9l98dN7yAIwHI79AYYjyVQMyZ5+Om7E jUN1+iUfStlShPEJcBxuXhEn88i8u5OcoJDhlL1BYTvMHBsorHLPeibTzQ0J3+rvY4BsPq +QeNwM8StYLYU/FsW3tWHKsincxYEt5t6rqvstlNG5y5hQB0eb+i91XydPN888lhqnKzWS o0+DkCNTQWW4duv60LY9BT3BBwbgry+aueClyCS8U7l9vZ8V4evPcNSFo6y1UhBxZOlyyT MMoYBa+9JIlFlJ5yIx5lR7+pvfDsKTyIZfg47/OFB8p1NJnx6AgQ1EreMNWAjg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4W3v7X65nFzWvN for ; Wed, 19 Jun 2024 06:37:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 45J6biGg008654 for ; Wed, 19 Jun 2024 06:37:44 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 45J6biZA008653 for ports-bugs@FreeBSD.org; Wed, 19 Jun 2024 06:37:44 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 279781] www/forgejo: update to 7.0.4 (fixes security vulnerabilities) Date: Wed, 19 Jun 2024 06:37:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-ports-bugs@freebsd.org Sender: owner-freebsd-ports-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279781 --- Comment #2 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3Dbe43fb2830c94e23e0d9aa49ef9b982= b0ab31e2c commit be43fb2830c94e23e0d9aa49ef9b982b0ab31e2c Author: Stefan Bethke AuthorDate: 2024-06-17 17:16:10 +0000 Commit: Fernando Apestegu=C3=ADa CommitDate: 2024-06-19 06:37:17 +0000 www/forgejo: update to 7.0.4 (fixes security vulnerabilities) CVE-2024-24789: the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. PR: 279781 Reported by: stb@lassitu.de (maintainer) MFH: 2024Q2 Security: CVE-2024-24789 www/forgejo/Makefile | 3 +-- www/forgejo/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=