From nobody Fri Dec 23 08:38:49 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NdgZL11BNz1H7Tg; Fri, 23 Dec 2022 08:38:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NdgZK6Dgfz46s5; Fri, 23 Dec 2022 08:38:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1671784729; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=w1Fl6BuxmkvCarXkfgPfdS043NX204tWmQwcCrTZTwQ=; b=NP1S+ArXtOSYGBw0BDnla6q/bK3FS9mZ57dTNeHeTSMiGUuoPqZVlBV+dwyZ4UkqZQLNye ERVciZU4/k3MXQ3t1tz6GrqsoY9PpFvQYsHSqt5LVFxHOzj+fqo9e7vj6lbwG/7V0o8iS8 nLp/rH9wD24k9vXfNRJyhfUSG/tXXYC/al7dha8mrHYF8TVfUmgW8ERZJk/1oHMLryE+wf HAZXUgJ99r3+4gILxwOzjLkfT8+pVi6a6POYBVprDW6Ykhx0WD7ObtH0uhRNyxsoYEUK1b /AGqYuEPq0dPTRi4CTeMgHj/BMhVCpMXBKi+BxwE6wPiDdFhwdMlJZxi4MLNqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1671784729; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=w1Fl6BuxmkvCarXkfgPfdS043NX204tWmQwcCrTZTwQ=; b=tQU+SrX49ybnGSxDvGVRbPJnQJ4Djo4oh3Afrz12G3HYf9pVAznd1wKMdtgUSUBHoVApqM hU5tBGoPswczzwbNTL6Rcl6abxBlTuRRnmqw3+si1yD7n2D6xFl09vxhLfumAy6GX3S/pr Q/fR08JDS+dVynKZzb+b1jfX75sSF5IhypiiCCGUD9c4XjAf9eyfwuyqMQyPo/a/dJ0fB4 ncI8rk6qEyJoU0FM2IKvTycu0hd0yRHIY51c1aNDw73mcWebDZjgPsJDJp4VCLF7HwD9cU 353LppXPAcHHO4cYnTjyr+sOwe8Ha6UBG6Rqq7eYCAnssqW/dNd6xm8mJzP6Ug== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1671784729; a=rsa-sha256; cv=none; b=oQsFsvU0GWqrQbepbhqofJQkfbj31sFiJmSF8TkqczXlpS8fLGjGaOTXjCPtjj5WJootlN QHttU2pJBsfr6AMnjr/EZHrXMvQlc1/yjvuQSVN4LNs7dOKHxILqAdXvnpCwLW1jnQCmxL CMFbYDKVzlaRxNDYZ/7e5gPMEFHY7rVy5zKC7pCi4Uy2VJiPuyvpnu2DKgLZM3IhxprtKU 7bkEIcMcAe5WwOa+CuvaES6Fm2IR2sBWPQgs47BL6Om/tnAGajVJS+Fj31pP8lf2bINdkR iVkc3isM8ANP7wcWYaTZwiX1j7gzGIp016/4c0AvneZ7KCBpHhs0PFsEY03MJw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NdgZK5JwgzSPK; Fri, 23 Dec 2022 08:38:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2BN8cnEQ026270; Fri, 23 Dec 2022 08:38:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2BN8cnsL026269; Fri, 23 Dec 2022 08:38:49 GMT (envelope-from git) Date: Fri, 23 Dec 2022 08:38:49 GMT Message-Id: <202212230838.2BN8cnsL026269@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Nuno Teixeira Subject: git: e8352eb7d977 - main - security/vuxml: Document Gitea multiple vulnerabilities List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: eduardo X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e8352eb7d977a137398360dd7f207dce6f6672e1 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by eduardo: URL: https://cgit.FreeBSD.org/ports/commit/?id=e8352eb7d977a137398360dd7f207dce6f6672e1 commit e8352eb7d977a137398360dd7f207dce6f6672e1 Author: Stefan Bethke AuthorDate: 2022-12-23 08:33:48 +0000 Commit: Nuno Teixeira CommitDate: 2022-12-23 08:38:15 +0000 security/vuxml: Document Gitea multiple vulnerabilities PR: 268512 --- security/vuxml/vuln/2022.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml index d2706096bc05..0e3c590c0e3e 100644 --- a/security/vuxml/vuln/2022.xml +++ b/security/vuxml/vuln/2022.xml @@ -1,3 +1,31 @@ + + gitea -- multiple issues + + + gitea + 1.17.4 + + + + +

The Gitea team reports:

+
+

Do not allow Ghost access to limited visible user/org

+
+
+

Fix package access for admins and inactive users

+
+ + + + https://github.com/go-gitea/gitea/releases/tag/v1.17.4 + + + 2022-10-24 + 2022-12-22 + + + typo3 -- multiple vulnerabilities