git: 4740aad8925c - main - security/vuxml: Add forgejo vulnerability
Date: Mon, 29 Dec 2025 16:49:38 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=4740aad8925cd5d195d5975fb18e9985f18f9ed2
commit 4740aad8925cd5d195d5975fb18e9985f18f9ed2
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2025-12-29 16:47:24 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2025-12-29 16:47:24 +0000
security/vuxml: Add forgejo vulnerability
* CVE-2025-68937
---
security/vuxml/vuln/2025.xml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index bb133a678498..c9e3bbeddcf6 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,33 @@
+ <vuln vid="963f4e9d-e4d5-11f0-984f-b42e991fc52e">
+ <topic>Forgejo -- Symbolic Link (Symlink) Following</topic>
+ <affects>
+ <package>
+ <name>forgejo</name>
+ <range><lt>13.0.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports:</p>
+ <blockquote cite="https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md">
+ <p>Forgejo before 13.0.2 allows attackers to write to
+ unintended files, and possibly obtain server shell access,
+ because of mishandling of out-of-repository symlink
+ destinations for template repositories. This is also fixed
+ for 11 LTS in 11.0.7 and later.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-68937</cvename>
+ <url>https://cveawg.mitre.org/api/cve/CVE-2025-68937</url>
+ </references>
+ <dates>
+ <discovery>2025-12-25</discovery>
+ <entry>2025-12-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="bf854a37-e180-11f0-ac0c-5404a68ad561">
<topic>fluidsynth -- Use after free when using DLS files</topic>
<affects>
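Review bot: The `<range><lt>13.0.2</lt></range>` in the new `forgejo` `<package>` block contradicts the quoted advisory, which says the 11 LTS line is fixed in 11.0.7 and later, so a host running a patched 11.0.x build would still be reported as vulnerable by tooling that consumes this entry. Splitting the range, e.g. `<range><lt>11.0.7</lt></range>` plus `<range><ge>12.0.0</ge><lt>13.0.2</lt></range>`, would match the text; the 12.0.0 lower bound is inferred from the release numbering and should be confirmed against the upstream notes. If the LTS line is packaged under a separate name, it needs its own `<name>` in `<affects>`, otherwise unpatched LTS installs are not flagged at all. The `<url>` reference points at a JSON API endpoint, and the release notes already cited in the `<blockquote>` would be a more useful reference for readers.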