aboutsummaryrefslogtreecommitdiff
path: root/security/vuxml/vuln.xml
diff options
context:
space:
mode:
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r--security/vuxml/vuln.xml35
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 85d4481867cb..7c5322647e21 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,41 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="b99492b2-362b-11eb-9f86-08002734b9ed">
+ <topic>gitea -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitea</name>
+ <range><lt>1.13.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Gitea Team reports for release 1.13.0:</p>
+ <blockquote cite="https://blog.gitea.io/2020/12/gitea-1.13.0-is-released/">
+ <ul>
+ <li>Add Allow-/Block-List for Migrate & Mirrors</li>
+ <li>Prevent git operations for inactive users</li>
+ <li>Disallow urlencoded new lines in git protocol paths if there is a port</li>
+ <li>Mitigate Security vulnerability in the git hook feature</li>
+ <li>Disable DSA ssh keys by default </li>
+ <li>Set TLS minimum version to 1.2</li>
+ <li>Use argon as default password hash algorithm</li>
+ <li>Escape failed highlighted files</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.0</url>
+ <freebsdpr>ports/251577</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2020-12-01</discovery>
+ <entry>2020-12-04</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e2748c9d-3483-11eb-b87a-901b0ef719ab">
<topic>FreeBSD -- Multiple vulnerabilities in rtsold</topic>
<affects>