From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 15508158015 for ; Sat, 23 Dec 2023 09:41:21 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 266C42BC058; Sat, 23 Dec 2023 09:40:56 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 97A082BC02B for ; Sat, 23 Dec 2023 09:40:38 +0000 (UTC) Received: from glsamakerdev.dev.gentoo.org (unknown [140.211.166.165]) by smtp.gentoo.org (Postfix) with ESMTP id 089B434068A for ; Sat, 23 Dec 2023 09:40:38 +0000 (UTC) Received: from [172.18.0.3] (unknown [172.18.0.3]) by glsamakerdev.dev.gentoo.org (Postfix) with ESMTP id E4CD08C76D for ; Sat, 23 Dec 2023 09:40:37 +0000 (UTC) Subject: [gentoo-announce] [ GLSA 202312-13 ] Gitea: Multiple Vulnerabilities Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-announce@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="===============1384403954494149175==" From: glsamaker@gentoo.org To: gentoo-announce@lists.gentoo.org Reply-To: security@gentoo.org Date: Sat, 23 Dec 2023 09:40:37 -0000 Message-ID: <170332443793.7.6474544321618705655@da6e833bac34> X-Archives-Salt: 3b06824b-8407-4727-ac52-f0cb8ca59b94 X-Archives-Hash: 48e9b0ff30ab78f2947bef32c5cafa47 --===============1384403954494149175== Content-Type: text/plain; charset="utf-8" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202312-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Gitea: Multiple Vulnerabilities Date: December 23, 2023 Bugs: #887825, #891983, #905886, #918674 ID: 202312-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Gitea, the worst of which could result in information leakage. Background ========== Gitea is a painless self-hosted Git service. Affected packages ================= Package Vulnerable Unaffected -------------- ------------ ------------ www-apps/gitea < 1.20.6 >= 1.20.6 Description =========== Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Gitea users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/gitea-1.20.6" References ========== [ 1 ] CVE-2023-3515 https://nvd.nist.gov/vuln/detail/CVE-2023-3515 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202312-13 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --===============1384403954494149175== Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmWGqxUACgkQFMQkOaVy +9mJNBAApGbbzQsA/QyB+ZviQxP9IJgIGvnt7wKS13DXxf8unEWwP3frlzskOtd0 gl5jdEeaWDs4hdwbMqWT+AZpcQf5kIJXZ9EeQ1ZqDczKeiRuQkgUTjw4Jiu6XYn6 kro2/Zg/s5SUm+KxQ8FslgTheGOIbtkFGk9ZT5zPtMI7nEWcJtgweahnpC0+yAWK 2HJpD+iDVQpSjYbXaZPOeLnAmX5OGfL8w+2d3E5YiJehDy4mjGcU0DxdsrwbAdZN mPxZNSaygf6wl6DOFltoGZeciXhOh8lTci9vCZHd8zH6nGgTldGJovwbZYW/IkYv egBqPcsPd65p633pwr3yUfVs+jBx9GaricjBBSlHFbqK9AIOmksqI3NX9PO9iCT+ GUxkAXFSG8GPYJwflSxjcqNcs2GgvDHio+Q8hMCwmSvLuPlqXEz5eDRe6aHVeuQF OOXh8omofeO/r6UUy1ORd3vvQle4nEfKd4DgBtWoUvpfwWlMpwxp7toNKl20xc6c eDlvzQkZm6OfjxSvhD/HVSVg9r8ra180T/KCpesJ2KZdCKR1/ZwC6No2pe1URULP GnR/rmPnoLUcF0fqWUNV6jx60enpIihpsUAsUmnX93jYiw8hxoNTrSG015J8WBXE KfWJB2BGEWtg8z1nMuG0L8mC6IQYYm6LyNymQ/Wk4lj8j4WrXGE= =mQqP -----END PGP SIGNATURE----- --===============1384403954494149175==--