From 1f3278c42221a7ae1602a0f30bc5265e8f7e5c01 Mon Sep 17 00:00:00 2001 From: Adam Weinberger Date: Fri, 4 Dec 2020 16:56:31 +0000 Subject: security/vuxml: Add entry for gitea < 1.13.0 PR: 251577 Submitted by: maintainer --- security/vuxml/vuln.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 85d4481867cb..7c5322647e21 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + gitea -- multiple vulnerabilities + + + gitea + 1.13.0 + + + + +

The Gitea Team reports for release 1.13.0:

+
+
Add Allow-/Block-List for Migrate & Mirrors
+
Prevent git operations for inactive users
+
Disallow urlencoded new lines in git protocol paths if there is a port
+
Mitigate Security vulnerability in the git hook feature
+
Disable DSA ssh keys by default
+
Set TLS minimum version to 1.2
+
Use argon as default password hash algorithm
+
Escape failed highlighted files
+
+

+ + + + https://github.com/go-gitea/gitea/releases/tag/v1.13.0 + ports/251577 + + + 2020-12-01 + 2020-12-04 + + + FreeBSD -- Multiple vulnerabilities in rtsold -- cgit v1.2.3