| Release | Version |
|---|---|
| bullseye | 5.11.3+dfsg-1 |
| bookworm | 5.11.3+dfsg-2.1 |
| trixie | 5.14.1+dfsg-1 |
| sid | 5.14.1+dfsg-3 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2024-47516 | vulnerable | vulnerable | fixed | fixed | Argument Injection in PagureRepo.log() |
| CVE-2024-47515 | vulnerable | vulnerable | fixed | fixed | A vulnerability was found in Pagure. Support of symbolic links during ... |
| CVE-2024-4982 | vulnerable | vulnerable | fixed | fixed | Path traversal in view_issue_raw_file() |
| CVE-2024-4981 | vulnerable | vulnerable | fixed | fixed | pagure: _update_file_in_git() follows symbolic links in temporary clones |
| Bug | Description |
|---|---|
| CVE-2019-11556 | Pagure before 5.6 allows XSS via the templates/blame.html blame view. |
| CVE-2019-7628 | Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail serve ... |
| CVE-2017-1002151 | Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due t ... |
| CVE-2016-1000037 | Pagure: XSS possible in file attachment endpoint |
| CVE-2016-1000007 | Pagure 2.2.1 XSS in raw file endpoint |