diff options
author | Adam Weinberger <adamw@FreeBSD.org> | 2020-12-04 16:56:31 +0000 |
---|---|---|
committer | Adam Weinberger <adamw@FreeBSD.org> | 2020-12-04 16:56:31 +0000 |
commit | 1f3278c42221a7ae1602a0f30bc5265e8f7e5c01 (patch) | |
tree | 25129333cdf4b84d43a53997ae5ae10f68ca09b2 | |
parent | 5f48a06a78fd16542620d28a1d790223cb3d4806 (diff) | |
download | ports-1f3278c42221a7ae1602a0f30bc5265e8f7e5c01.tar.gz ports-1f3278c42221a7ae1602a0f30bc5265e8f7e5c01.zip |
security/vuxml: Add entry for gitea < 1.13.0
PR: 251577
Submitted by: maintainer
Notes
Notes:
svn path=/head/; revision=556988
-rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 85d4481867cb..7c5322647e21 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b99492b2-362b-11eb-9f86-08002734b9ed"> + <topic>gitea -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.13.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Gitea Team reports for release 1.13.0:</p> + <blockquote cite="https://blog.gitea.io/2020/12/gitea-1.13.0-is-released/"> + <ul> + <li>Add Allow-/Block-List for Migrate & Mirrors</li> + <li>Prevent git operations for inactive users</li> + <li>Disallow urlencoded new lines in git protocol paths if there is a port</li> + <li>Mitigate Security vulnerability in the git hook feature</li> + <li>Disable DSA ssh keys by default </li> + <li>Set TLS minimum version to 1.2</li> + <li>Use argon as default password hash algorithm</li> + <li>Escape failed highlighted files</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.0</url> + <freebsdpr>ports/251577</freebsdpr> + </references> + <dates> + <discovery>2020-12-01</discovery> + <entry>2020-12-04</entry> + </dates> + </vuln> + <vuln vid="e2748c9d-3483-11eb-b87a-901b0ef719ab"> <topic>FreeBSD -- Multiple vulnerabilities in rtsold</topic> <affects> |