From nobody Wed Jun 19 06:43:47 2024 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W3vGX1vNyz5P3jH for ; Wed, 19 Jun 2024 06:43:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W3vGW6Lj3z40HR for ; Wed, 19 Jun 2024 06:43:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1718779427; a=rsa-sha256; cv=none; b=fyqCvIl2ORCGr6rzV5i7A6KrGQH1Fy+UgYklA2xQlZIP0SziDyxn3H1cqfFbHnVvUZ2j6l vhcy77UnRWs+Us5oDORNC0FxQMHRofOw5PEKJ4k2m3vaJkjUovp5fWmrVlwQ3jCfbZzSbT lCampEntjt5CbOTzXx1ukl1H0Bwn3ZoC0oroguiGPxs3uasTzvaFUUHFSIekDisONbksIE IhbYgkAy0ifp8LU+BP/7vlL8xot16QXVgMi+t1KCiUmzBKbfUIZew0zN+DkSWig/KwuTX9 x+epfZSkpKDK6sJRIOePp7F8YNCXVaEwI33K47zcCbg8+QwC5aZFAkp9cgNfnw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1718779427; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=S19yVH4beiQPRgbqqTTTPuWdVHatea66reL/My/jOm8=; b=gQzzjyE9KxCMFssBK9QBOvKyZhGYsZG2esvQCTx6/+BULq/hZ8GB4KzIXlGGX94LZC69jA HvRbvPRnpErDJKzysdgf5JGalR4KwoVcuSp4vwdfvTmXQm0NemkhgrJSeWC0S3YvXl0wiu z0riPvOMiXWGI+v3COgefvASDjedHd8uxdAn79r5N9428fnDRq9jIP1NO0XkqQMAXoVI6U F5a6q+EtOSyYBpOJfLDth5z7UArPyEjzH+1KDaqBIL5I8wsnsB/A2QezK3mY6+nER9lwSa yfoMQ0jB7GEGUBIiGJSP9wTbC7M7h/WArPMsc1xhMEQBdC1Eo27ft9p/sp7qgw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4W3vGW5xTNzXXG for ; Wed, 19 Jun 2024 06:43:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 45J6hlI9035705 for ; Wed, 19 Jun 2024 06:43:47 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 45J6hlEs035704 for ports-bugs@FreeBSD.org; Wed, 19 Jun 2024 06:43:47 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 279781] www/forgejo: update to 7.0.4 (fixes security vulnerabilities) Date: Wed, 19 Jun 2024 06:43:47 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-ports-bugs@freebsd.org Sender: owner-freebsd-ports-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279781 --- Comment #3 from commit-hook@FreeBSD.org --- A commit in branch 2024Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3Dd18807bcfba5dd79b8d8fdce2c6baf9= f962fa69f commit d18807bcfba5dd79b8d8fdce2c6baf9f962fa69f Author: Stefan Bethke AuthorDate: 2024-06-17 17:16:10 +0000 Commit: Fernando Apestegu=C3=ADa CommitDate: 2024-06-19 06:42:50 +0000 www/forgejo: update to 7.0.4 (fixes security vulnerabilities) CVE-2024-24789: the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. PR: 279781 Reported by: stb@lassitu.de (maintainer) MFH: 2024Q2 Security: CVE-2024-24789 (cherry picked from commit be43fb2830c94e23e0d9aa49ef9b982b0ab31e2c) www/forgejo/Makefile | 3 +-- www/forgejo/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=