FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
b747783f-5fb6-11e9-b2ac-08002705f877  gitea -- remote code execution

The Gitea team reports:

Prevent remote code execution vulnerability with mirror repo URL settings.


Discovery 2019-04-13
Entry 2019-04-17
gitea
< 1.7.5

https://blog.gitea.io/2019/04/gitea-1.7.6-is-released/
41c1cd6f-2645-11e9-b5f1-080027fee39c  gitea -- multiple vulnerabilities

Gitea Team reports:

Disable redirect for i18n

Only allow local login if password is non-empty

Fix go-get URL generation


Discovery 2019-01-31
Entry 2019-02-01
gitea
< 1.7.1

https://github.com/go-gitea/gitea/releases/tag/v1.7.1
b99492b2-362b-11eb-9f86-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.0:

  • Add Allow-/Block-List for Migrate and Mirrors
  • Prevent git operations for inactive users
  • Disallow urlencoded new lines in git protocol paths if there is a port
  • Mitigate Security vulnerability in the git hook feature
  • Disable DSA ssh keys by default
  • Set TLS minimum version to 1.2
  • Use argon as default password hash algorithm
  • Escape failed highlighted files

Discovery 2020-12-01
Entry 2020-12-04
gitea
< 1.13.0

https://github.com/go-gitea/gitea/releases/tag/v1.13.0
ports/251577
8ba23a62-997d-11eb-9f0e-0800278d94f0  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.7:

  • Update to bluemonday-1.0.6
  • Clusterfuzz found another way

Discovery 2021-04-07
Entry 2021-04-09
gitea
< 1.13.7

https://github.com/go-gitea/gitea/releases/tag/v1.13.7
ports/254930
55facdb0-2c24-11eb-9aac-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.12.6:

  • Prevent git operations for inactive users
  • Disallow urlencoded new lines in git protocol paths if there is a port

Discovery 2020-11-16
Entry 2020-11-21
gitea
< 1.12.6

Disallow urlencoded new lines in git protocol paths if there is a port
ports/251296
094fb2ec-9aa3-11eb-83cb-0800278d94f0  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.0:

  • Validate email in external authenticator registration form
  • Ensure validation occurs on clone addresses too

Discovery 2021-03-11
Entry 2021-04-11
gitea
< 1.14.0

https://github.com/go-gitea/gitea/releases/tag/v1.14.0
ports/254976
e7392840-c520-11e9-a4ef-0800274e5f20  gitea -- multiple vulnerabilities

The Gitea Team reports:

This release contains two security fixes, so we highly recommend updating.


Discovery 2019-08-22
Entry 2019-08-22
gitea
< 1.9.2

https://github.com/go-gitea/gitea/releases/tag/v1.9.2
https://blog.gitea.io/2019/08/gitea-1.9.2-is-released/
29d34524-0542-11e9-a444-080027fee39c  gitea -- privilege escalation, XSS

The Gitea project reports:

Security

  • Sanitize uploaded file names
  • HTMLEncode user added text

Discovery 2018-12-19
Entry 2018-12-21
gitea
< 1.6.2

https://github.com/go-gitea/gitea/issues/5569
https://github.com/go-gitea/gitea/issues/5565
d3180f02-031e-11ec-875f-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.15.0:

  • Encrypt LDAP bind password in db with SECRET_KEY (#15547)
  • Remove random password in Dockerfiles (#15362)
  • Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
  • Correctly create of git-daemon-export-ok files (#16508) (#16514)
  • Don't show private user's repo in explore view (#16550) (#16554)
  • Update node tar dependency to 6.1.6 (#16622) (#16623)

Discovery 2021-04-29
Entry 2021-08-22
gitea
< 1.15.0

https://github.com/go-gitea/gitea/releases/tag/v1.15.0
ports/257994
a1de4ae9-6fda-11e9-9ba0-4c72b94353b5  gitea -- multiple vulnerabilities

Gitea Team reports:

This release contains two new security fixes which cannot be backported to the 1.7.0 branch, so it is recommended to update to this version.


Discovery 2019-04-21
Entry 2019-05-06
gitea
< 1.8.0

https://blog.gitea.io/2019/04/gitea-1.8.0-is-released/
2739b88b-4b88-11eb-a4c0-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.1:

  • Hide private participation in Orgs
  • Fix escaping issue in diff

Discovery 2020-12-15
Entry 2020-12-31
gitea
< 1.13.1

https://github.com/go-gitea/gitea/releases/tag/v1.13.1
ports/252310
df794e5d-3975-11ec-84e8-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.15.5:

  • Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
  • Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)

Discovery 2021-10-21
Entry 2021-11-04
gitea
< 1.15.5

https://github.com/go-gitea/gitea/releases/tag/v1.15.5
ports/259548
0e561c06-d13a-11eb-92be-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.3:

  • Encrypt migration credentials at rest (#15895) (#16187)
  • Only check access tokens if they are likely to be tokens (#16164) (#16171)
  • Add missing SameSite settings for the i_like_gitea cookie (#16037) (#16039)
  • Fix setting of SameSite on cookies (#15989) (#15991)

Discovery 2021-05-16
Entry 2021-06-19
gitea
< 1.14.3

https://github.com/go-gitea/gitea/releases/tag/v1.14.3
ports/256720
7f6146aa-2157-11e9-9ba0-4c72b94353b5  gitea -- multiple vulnerabilities

Gitea Team reports:

Do not display the raw OpenID error in the UI

When redirecting clean the path to avoid redirecting to external site

Prevent DeleteFilePost doing arbitrary deletion


Discovery 2019-01-22
Entry 2019-01-26
gitea
< 1.7.0

https://github.com/go-gitea/gitea/releases/tag/v1.7.0
3b2ee737-c12d-11e9-aabc-0800274e5f20  gitea -- multiple vulnerabilities

The Gitea Team reports:

This release contains two security fixes, so we highly recommend updating.


Discovery 2019-07-31
Entry 2019-07-31
gitea
< 1.9.1

https://blog.gitea.io/2019/08/gitea-1.9.1-is-released/
https://github.com/go-gitea/gitea/releases/tag/v1.9.1
a8ba7358-4b02-11e9-9ba0-4c72b94353b5  gitea -- XSS vulnerability

Gitea Team reports:

Fix potential XSS vulnerability in repository description.


Discovery 2019-03-12
Entry 2019-03-20
gitea
< 1.7.4

https://blog.gitea.io/2019/03/gitea-1.7.4-is-released/
63e36475-119f-11e9-aba7-080027fee39c  gitea -- insufficient privilege check

The Gitea project reports:

Security

  • Prevent DeleteFilePost doing arbitrary deletion

Discovery 2019-01-04
Entry 2019-01-06
gitea
< 1.6.3

https://github.com/go-gitea/gitea/issues/5631
b12a341a-0932-11ea-bf09-080027e0baa0  gitea -- multiple vulnerabilities

The Gitea Team reports:

This release contains five security fixes, so we recommend updating:

  • Fix issue with user.fullname
  • Ignore mentions for users with no access
  • Be more strict with git arguments
  • Extract the username and password from the mirror url
  • Reserve .well-known username

Discovery 2019-11-17
Entry 2019-11-22
gitea
< 1.9.10

https://blog.gitea.io/2019/11/gitea-1.10.0-is-released/
ports/241981
1650cee2-a320-11ea-a090-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.11.6:

  • Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)
  • Use session for retrieving org teams (#11438) (#11439)

Discovery 2020-03-01
Entry 2020-05-31
gitea
< 1.11.6

https://github.com/go-gitea/gitea/releases/tag/v1.11.6
ports/246892
1431a25c-8a70-11eb-bd16-0800278d94f0  gitea -- quoting in markdown text

The Gitea Team reports for release 1.13.5:

  • Update to goldmark 1.3.3

Discovery 2021-03-20
Entry 2021-03-21
gitea
< 1.13.5

https://github.com/go-gitea/gitea/releases/tag/v1.13.5
ports/254130
c4d2f950-8c27-11eb-a3ae-0800278d94f0  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.6:

  • Fix bug on avatar middleware
  • Fix another clusterfuzz identified issue

Discovery 2021-03-21
Entry 2021-03-23
gitea
< 1.13.6

https://github.com/go-gitea/gitea/releases/tag/v1.13.5
ports/254515
e7b69694-b3b5-11e9-9bb6-0800274e5f20  gitea -- multiple vulnerabilities

The Gitea Team reports:

This version of Gitea contains security fixes that could not be backported to 1.8. For this reason, we strongly recommend updating.


Discovery 2019-07-31
Entry 2019-07-31
gitea
< 1.9.0

https://blog.gitea.io/2019/07/gitea-1.9.0-is-released/
https://github.com/go-gitea/gitea/releases/tag/v1.9.0
502ba001-7ffa-11eb-911c-0800278d94f0  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.3:

  • Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one

The Gitea Team reports for release 1.13.4:

  • Fix issue popups

Discovery 2021-01-07
Entry 2021-02-06
gitea
< 1.13.4

https://github.com/go-gitea/gitea/releases/tag/v1.13.3
https://github.com/go-gitea/gitea/releases/tag/v1.13.4
ports/254130
be088777-6085-11ea-8609-08002731610e  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.11.0:

  • Never allow an empty password to validate (#9682) (#9683)
  • Prevent redirect to Host (#9678) (#9679)
  • Swagger hide search field (#9554)
  • Add "search" to reserved usernames (#9063)
  • Switch to fomantic-ui (#9374)
  • Only serve attachments when linked to issue/release and if accessible by user (#9340)

The Gitea Team reports for release 1.11.2:

  • Ensure only own addresses are updated (#10397) (#10399)
  • Logout POST action (#10582) (#10585)
  • Org action fixes and form cleanup (#10512) (#10514)
  • Change action GETs to POST (#10462) (#10464)
  • Fix admin notices (#10480) (#10483)
  • Change admin dashboard to POST (#10465) (#10466)
  • Update markbates/goth (#10444) (#10445)
  • Update crypto vendors (#10385) (#10398)

Discovery 2019-11-18
Entry 2020-03-07
gitea
< 1.11.2

https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/
https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/
ports/244025
943d23b6-e65e-11eb-ad30-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.5:

  • Hide mirror passwords on repo settings page (#16022) (#16355)
  • Update bluemonday to v1.0.15 (#16379) (#16380)

Discovery 2021-05-16
Entry 2021-07-18
gitea
< 1.14.5

https://github.com/go-gitea/gitea/releases/tag/v1.14.5
ports/257221
733afd81-01cf-11ec-aec9-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.6:

  • Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
  • Switch to maintained JWT lib (#16532) (#16535)
  • Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)

Discovery 2021-07-24
Entry 2021-08-20
gitea
< 1.14.6

https://github.com/go-gitea/gitea/releases/tag/v1.14.6
ports/257973
cdb10765-6879-11eb-a7d8-08002734b9ed  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.2:

  • Prevent panic on fuzzer provided string
  • Add secure/httpOnly attributes to the lang cookie

Discovery 2021-01-07
Entry 2021-02-06
gitea
< 1.13.2

https://github.com/go-gitea/gitea/releases/tag/v1.13.2
ports/253295
fd10aa77-fb5e-11e9-af7b-0800274e5f20  gitea -- information disclosure

The Gitea Team reports:

When a comment in an issue or PR mentions a user using @username, the mentioned user receives a mail notification even if they don't have permission to see the originating repository.


Discovery 2019-09-27
Entry 2019-10-30
gitea
< 1.9.5

https://github.com/go-gitea/gitea/releases/tag/v1.9.5
https://blog.gitea.io/2019/10/gitea-1.9.5-is-released/
a512a412-3a33-11ea-af63-0800274e5f20  gitea -- multiple vulnerabilities

The Gitea Team reports:

  • Hide credentials when submitting migration
  • Never allow an empty password to validate
  • Prevent redirect to Host
  • Hide public repos owned by private orgs

Discovery 2019-11-22
Entry 2020-01-18
gitea
< 1.10.3

https://github.com/go-gitea/gitea/releases/tag/v1.10.3
ports/243437