Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
700fadb7 by Salvatore Bonaccorso at 2026-07-04T09:17:41+02:00
Process some new gitea issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-58523 (Improper access control in Microsoft Edge for 
Android allows an
 CVE-2026-58522 (Relative path traversal in Microsoft Edge for Android allows 
an unauth ...)
        NOT-FOR-US: Microsoft
 CVE-2026-58426 (Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows 
cross-repo ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-58424 (Permanent Fork PR Workflow Approval Gate Bypass)
        TODO: check
 CVE-2026-58423 (LFS authentication bypass via malformed SSH sub-verb allows 
unauthoriz ...)
@@ -101,71 +101,71 @@ CVE-2026-45489 (Microsoft Edge (Chromium-based) Spoofing 
Vulnerability)
 CVE-2026-45488 (User interface (ui) misrepresentation of critical information 
in Micro ...)
        NOT-FOR-US: Microsoft
 CVE-2026-28744 (Gitea versions up to and including 1.26.1 allow Git smart HTTP 
request ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-28740 (Gitea versions up to and including 1.26.2 allow Git LFS object 
reuse t ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-28737 (Gitea versions from 1.25.0 before 1.26.0 allow stored 
cross-site scrip ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-28705 (Gitea versions before 1.25.5 use release tag names and asset 
names as  ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-28699 (Gitea versions up to and including 1.26.1 allow OAuth2 access 
token sc ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-27783 (Gitea versions up to and including 1.26.1 do not enforce 
repository-un ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-27780 (Gitea versions before 1.26.0 do not fail closed on 
bufio.Scanner error ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-27779 (Gitea versions before 1.25.5 accept malformed or injected 
forwarded-pr ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-27775 (Gitea 1.25.5 caches a branch-specific write-permission result 
across m ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-27771 (Gitea versions up to and including 1.26.1 have insufficient 
permission ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-27761 (Gitea versions up to and including 1.26.2 allow repository RSS 
and Ato ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-27660 (Gitea versions before 1.25.5 allow draft release data or 
attachments t ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-27657 (Gitea versions before 1.25.5 allow a user to change another 
user's pri ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-26307 (Gitea versions before 1.25.5 do not enforce a timeout on git 
grep sear ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-26292 (Gitea versions before 1.25.5 do not use the migration HTTP 
transport f ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-26247 (Gitea versions before 1.25.5 do not persist the OAuth2 PKCE 
S256 chall ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-26232 (Gitea versions before 1.25.5 do not consistently enforce 
OAuth2 author ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-26231 (Gitea versions up to and including 1.26.1 allow the Allow 
edits from m ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-25782 (Gitea versions before 1.25.5 look up tracked-time entries by 
time ID w ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-25779 (Gitea versions up to and including 1.25.4 allow redirect 
bypasses thro ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-25718 (Gitea versions before 1.25.5 mishandle path resolution during 
template ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-25714 (Gitea versions up to and including 1.26.1 do not apply 
public-only tok ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-25712 (Gitea versions before 1.25.5 have insufficient visibility 
checks in or ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-25038 (Gitea 1.26.2 allows unauthorized users to access labels of 
private org ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-24690 (Gitea versions before 1.25.5 have insufficient permission 
checks for u ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-24451 (Gitea 1.26.2 allows fork synchronization to continue after a 
parent re ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-22874 (Gitea versions up to and including 1.26.2 have incomplete SSRF 
protect ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-22555 (Gitea versions before 1.26.0 allow API users to fork a 
repository into ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-22547 (Gitea versions before 1.25.5 lack validation constraints for 
repositor ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-20909 (Gitea versions before 1.25.5 have insufficient permission 
checks when  ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-20896 (Gitea Docker image versions up to and including 1.26.2 use 
REVERSE_PRO ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-20779 (Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use 
enforce ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-20706 (Gitea versions up to and including 1.26.1 allow repository 
archive dow ...)
-       TODO: check
+       - gitea <removed>
 CVE-2026-14618 (A vulnerability was detected in Open5GS up to 2.7.7. Affected 
by this  ...)
        TODO: check
 CVE-2026-14617 (A security vulnerability has been detected in NousResearch 
hermes-agen ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/700fadb7bbbd0613f2559e7da618eaed2b28d29f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/700fadb7bbbd0613f2559e7da618eaed2b28d29f
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to