FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
1431a25c-8a70-11eb-bd16-0800278d94f0  gitea -- quoting in markdown text

The Gitea Team reports for release 1.13.5:

  • Update to goldmark 1.3.3

Discovery 2021-03-20
Entry 2021-03-21
gitea
< 1.13.5

https://github.com/go-gitea/gitea/releases/tag/v1.13.5
ports/254130
d3180f02-031e-11ec-875f-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.15.0:

  • Encrypt LDAP bind password in db with SECRET_KEY (#15547)
  • Remove random password in Dockerfiles (#15362)
  • Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
  • Correctly create of git-daemon-export-ok files (#16508) (#16514)
  • Don't show private user's repo in explore view (#16550) (#16554)
  • Update node tar dependency to 6.1.6 (#16622) (#16623)

Discovery 2021-04-29
Entry 2021-08-22
gitea
< 1.15.0

https://github.com/go-gitea/gitea/releases/tag/v1.15.0
ports/257994
0ff80f41-aefe-11ec-b4b6-d05099c0c059  gitea -- Improper/incorrect authorization

Youssef Rebahi-Gilbert reports:

When Gitea is built and configured for PAM authentication, it skips checking authorization completely. Therefore, expired accounts and accounts with expired passwords can still log in.


Discovery 2022-03-06
Entry 2022-03-29
gitea
< 1.16.4

CVE-2022-0905
https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb
502ba001-7ffa-11eb-911c-0800278d94f0  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.3:

  • Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one

The Gitea Team reports for release 1.13.4:

  • Fix issue popups

Discovery 2021-01-07
Entry 2021-02-06
gitea
< 1.13.4

https://github.com/go-gitea/gitea/releases/tag/v1.13.3
https://github.com/go-gitea/gitea/releases/tag/v1.13.4
ports/254130
83466f76-aefe-11ec-b4b6-d05099c0c059  gitea -- Open Redirect on login

Andrew Thornton reports:

When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes.


Discovery 2022-03-23
Entry 2022-03-29
gitea
< 1.16.5

CVE-2022-1058
https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/
cdb10765-6879-11eb-a7d8-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.2:

  • Prevent panic on fuzzer provided string
  • Add secure/httpOnly attributes to the lang cookie

Discovery 2021-01-07
Entry 2021-02-06
gitea
< 1.13.2

https://github.com/go-gitea/gitea/releases/tag/v1.13.2
ports/253295
733afd81-01cf-11ec-aec9-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.6:

  • Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
  • Switch to maintained JWT lib (#16532) (#16535)
  • Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)

Discovery 2021-07-24
Entry 2021-08-20
gitea
< 1.14.6

https://github.com/go-gitea/gitea/releases/tag/v1.14.6
ports/257973
094fb2ec-9aa3-11eb-83cb-0800278d94f0  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.0:

  • Validate email in external authenticator registration form
  • Ensure validation occurs on clone addresses too

Discovery 2021-03-11
Entry 2021-04-11
gitea
< 1.14.0

https://github.com/go-gitea/gitea/releases/tag/v1.14.0
ports/254976
943d23b6-e65e-11eb-ad30-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.5:

  • Hide mirror passwords on repo settings page (#16022) (#16355)
  • Update bluemonday to v1.0.15 (#16379) (#16380)

Discovery 2021-05-16
Entry 2021-07-18
gitea
< 1.14.5

https://github.com/go-gitea/gitea/releases/tag/v1.14.5
ports/257221
df794e5d-3975-11ec-84e8-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.15.5:

  • Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
  • Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)

Discovery 2021-10-21
Entry 2021-11-04
gitea
< 1.15.5

https://github.com/go-gitea/gitea/releases/tag/v1.15.5
ports/259548
c4d2f950-8c27-11eb-a3ae-0800278d94f0  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.6:

  • Fix bug on avatar middleware
  • Fix another clusterfuzz identified issue

Discovery 2021-03-21
Entry 2021-03-23
gitea
< 1.13.6

https://github.com/go-gitea/gitea/releases/tag/v1.13.5
ports/254515
8ba23a62-997d-11eb-9f0e-0800278d94f0  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.7:

  • Update to bluemonday-1.0.6
  • Clusterfuzz found another way

Discovery 2021-04-07
Entry 2021-04-09
gitea
< 1.13.7

https://github.com/go-gitea/gitea/releases/tag/v1.13.7
ports/254930
55facdb0-2c24-11eb-9aac-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.12.6:

  • Prevent git operations for inactive users
  • Disallow urlencoded new lines in git protocol paths if there is a port

Discovery 2020-11-16
Entry 2020-11-21
gitea
< 1.12.6

Disallow urlencoded new lines in git protocol paths if there is a port
ports/251296
95ee401d-cc6a-11ec-9cfc-10c37b4ac2ea  gitea -- Escape git fetch remote

The Gitea team reports:

Escape git fetch remote in services/migrations/gitea_uploader.go


Discovery 2022-04-25
Entry 2022-05-05
gitea
< 1.16.7

https://github.com/go-gitea/gitea/pull/19487
0e561c06-d13a-11eb-92be-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.3:

  • Encrypt migration credentials at rest (#15895) (#16187)
  • Only check access tokens if they are likely to be tokens (#16164) (#16171)
  • Add missing SameSite settings for the i_like_gitea cookie (#16037) (#16039)
  • Fix setting of SameSite on cookies (#15989) (#15991)

Discovery 2021-05-16
Entry 2021-06-19
gitea
< 1.14.3

https://github.com/go-gitea/gitea/releases/tag/v1.14.3
ports/256720
b99492b2-362b-11eb-9f86-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.0:

  • Add Allow-/Block-List for Migrate and Mirrors
  • Prevent git operations for inactive users
  • Disallow urlencoded new lines in git protocol paths if there is a port
  • Mitigate Security vulnerability in the git hook feature
  • Disable DSA ssh keys by default
  • Set TLS minimum version to 1.2
  • Use argon as default password hash algorithm
  • Escape failed highlighted files

Discovery 2020-12-01
Entry 2020-12-04
gitea
< 1.13.0

https://github.com/go-gitea/gitea/releases/tag/v1.13.0
ports/251577
2739b88b-4b88-11eb-a4c0-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.1:

  • Hide private participation in Orgs
  • Fix escaping issue in diff

Discovery 2020-12-15
Entry 2020-12-31
gitea
< 1.13.1

https://github.com/go-gitea/gitea/releases/tag/v1.13.1
ports/252310