| Release | Version |
|---|---|
| bullseye | 5.11.3+dfsg-1 |
| bullseye (security) | 5.11.3+dfsg-1+deb11u1 |
| bookworm | 5.11.3+dfsg-2.1 |
| trixie | 5.14.1+dfsg-7 |
| forky | 5.14.1+dfsg-8 |
| sid | 5.14.1+dfsg-8 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2024-47516 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A vulnerability was found in Pagure. An argument injection in Git duri ... |
| CVE-2024-47515 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A vulnerability was found in Pagure. Support of symbolic links during ... |
| CVE-2024-4982 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A directory traversal vulnerability was discovered in Pagure server. I ... |
| CVE-2024-4981 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A vulnerability was discovered in Pagure server. If a malicious user w ... |
| Bug | Description |
|---|---|
| CVE-2019-11556 | Pagure before 5.6 allows XSS via the templates/blame.html blame view. |
| CVE-2019-7628 | Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail serve ... |
| CVE-2017-1002151 | Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due t ... |
| CVE-2016-1000037 | Pagure: XSS possible in file attachment endpoint |
| CVE-2016-1000007 | Pagure 2.2.1 XSS in raw file endpoint |
| DSA / DLA | Description |
|---|---|
| DLA-4390-1 | pagure - security update |