Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
700fadb7 by Salvatore Bonaccorso at 2026-07-04T09:17:41+02:00
Process some new gitea issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-58523 (Improper access control in Microsoft Edge for
Android allows an
CVE-2026-58522 (Relative path traversal in Microsoft Edge for Android allows
an unauth ...)
NOT-FOR-US: Microsoft
CVE-2026-58426 (Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows
cross-repo ...)
- TODO: check
+ - gitea <removed>
CVE-2026-58424 (Permanent Fork PR Workflow Approval Gate Bypass)
TODO: check
CVE-2026-58423 (LFS authentication bypass via malformed SSH sub-verb allows
unauthoriz ...)
@@ -101,71 +101,71 @@ CVE-2026-45489 (Microsoft Edge (Chromium-based) Spoofing
Vulnerability)
CVE-2026-45488 (User interface (ui) misrepresentation of critical information
in Micro ...)
NOT-FOR-US: Microsoft
CVE-2026-28744 (Gitea versions up to and including 1.26.1 allow Git smart HTTP
request ...)
- TODO: check
+ - gitea <removed>
CVE-2026-28740 (Gitea versions up to and including 1.26.2 allow Git LFS object
reuse t ...)
- TODO: check
+ - gitea <removed>
CVE-2026-28737 (Gitea versions from 1.25.0 before 1.26.0 allow stored
cross-site scrip ...)
- TODO: check
+ - gitea <removed>
CVE-2026-28705 (Gitea versions before 1.25.5 use release tag names and asset
names as ...)
- TODO: check
+ - gitea <removed>
CVE-2026-28699 (Gitea versions up to and including 1.26.1 allow OAuth2 access
token sc ...)
- TODO: check
+ - gitea <removed>
CVE-2026-27783 (Gitea versions up to and including 1.26.1 do not enforce
repository-un ...)
- TODO: check
+ - gitea <removed>
CVE-2026-27780 (Gitea versions before 1.26.0 do not fail closed on
bufio.Scanner error ...)
- TODO: check
+ - gitea <removed>
CVE-2026-27779 (Gitea versions before 1.25.5 accept malformed or injected
forwarded-pr ...)
- TODO: check
+ - gitea <removed>
CVE-2026-27775 (Gitea 1.25.5 caches a branch-specific write-permission result
across m ...)
- TODO: check
+ - gitea <removed>
CVE-2026-27771 (Gitea versions up to and including 1.26.1 have insufficient
permission ...)
- TODO: check
+ - gitea <removed>
CVE-2026-27761 (Gitea versions up to and including 1.26.2 allow repository RSS
and Ato ...)
- TODO: check
+ - gitea <removed>
CVE-2026-27660 (Gitea versions before 1.25.5 allow draft release data or
attachments t ...)
- TODO: check
+ - gitea <removed>
CVE-2026-27657 (Gitea versions before 1.25.5 allow a user to change another
user's pri ...)
- TODO: check
+ - gitea <removed>
CVE-2026-26307 (Gitea versions before 1.25.5 do not enforce a timeout on git
grep sear ...)
- TODO: check
+ - gitea <removed>
CVE-2026-26292 (Gitea versions before 1.25.5 do not use the migration HTTP
transport f ...)
- TODO: check
+ - gitea <removed>
CVE-2026-26247 (Gitea versions before 1.25.5 do not persist the OAuth2 PKCE
S256 chall ...)
- TODO: check
+ - gitea <removed>
CVE-2026-26232 (Gitea versions before 1.25.5 do not consistently enforce
OAuth2 author ...)
- TODO: check
+ - gitea <removed>
CVE-2026-26231 (Gitea versions up to and including 1.26.1 allow the Allow
edits from m ...)
- TODO: check
+ - gitea <removed>
CVE-2026-25782 (Gitea versions before 1.25.5 look up tracked-time entries by
time ID w ...)
- TODO: check
+ - gitea <removed>
CVE-2026-25779 (Gitea versions up to and including 1.25.4 allow redirect
bypasses thro ...)
- TODO: check
+ - gitea <removed>
CVE-2026-25718 (Gitea versions before 1.25.5 mishandle path resolution during
template ...)
- TODO: check
+ - gitea <removed>
CVE-2026-25714 (Gitea versions up to and including 1.26.1 do not apply
public-only tok ...)
- TODO: check
+ - gitea <removed>
CVE-2026-25712 (Gitea versions before 1.25.5 have insufficient visibility
checks in or ...)
- TODO: check
+ - gitea <removed>
CVE-2026-25038 (Gitea 1.26.2 allows unauthorized users to access labels of
private org ...)
- TODO: check
+ - gitea <removed>
CVE-2026-24690 (Gitea versions before 1.25.5 have insufficient permission
checks for u ...)
- TODO: check
+ - gitea <removed>
CVE-2026-24451 (Gitea 1.26.2 allows fork synchronization to continue after a
parent re ...)
- TODO: check
+ - gitea <removed>
CVE-2026-22874 (Gitea versions up to and including 1.26.2 have incomplete SSRF
protect ...)
- TODO: check
+ - gitea <removed>
CVE-2026-22555 (Gitea versions before 1.26.0 allow API users to fork a
repository into ...)
- TODO: check
+ - gitea <removed>
CVE-2026-22547 (Gitea versions before 1.25.5 lack validation constraints for
repositor ...)
- TODO: check
+ - gitea <removed>
CVE-2026-20909 (Gitea versions before 1.25.5 have insufficient permission
checks when ...)
- TODO: check
+ - gitea <removed>
CVE-2026-20896 (Gitea Docker image versions up to and including 1.26.2 use
REVERSE_PRO ...)
- TODO: check
+ - gitea <removed>
CVE-2026-20779 (Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use
enforce ...)
- TODO: check
+ - gitea <removed>
CVE-2026-20706 (Gitea versions up to and including 1.26.1 allow repository
archive dow ...)
- TODO: check
+ - gitea <removed>
CVE-2026-14618 (A vulnerability was detected in Open5GS up to 2.7.7. Affected
by this ...)
TODO: check
CVE-2026-14617 (A security vulnerability has been detected in NousResearch
hermes-agen ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/700fadb7bbbd0613f2559e7da618eaed2b28d29f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/700fadb7bbbd0613f2559e7da618eaed2b28d29f
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits