pagure 5.11.3+dfsg-1ubuntu0.1 source package in Ubuntu
Changelog
pagure (5.11.3+dfsg-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: path traversal via symbolic links
    - debian/patches/CVE-2024-4981.patch: validate that the file paths are
      within temp repository and outside '.git/' folder to prevent data
      leaks and unauthorized file modifications
    - CVE-2024-4981
  * SECURITY UPDATE: Path traversal in view_issue_raw_file()
    - debian/patches/CVE-2024-4982.patch: use werkzeug.security.safe_join()
      instead of plain 'os.path.join()' to sanitize user-provided filename
    - CVE-2024-4982
  * SECURITY UPDATE: UNIX symbolic link following
    - debian/patches/CVE-2024-47515.patch: in case of symlinks, add actual
      link instead of target to the zip archive which avoids following of
      symlinks and inclusion of data from outside the repo
    - CVE-2024-47515
  * SECURITY UPDATE: argument injection in PagureRepo.log()
    - debian/patches/CVE-2024-47516.patch: prevent the injection of
      additional options to the git command-line by adding the
      `--end-of-option` flag before any user-controlled value

 -- Shishir Subedi <email address hidden>  Wed, 28 Jan 2026 08:26:18 +0545
Upload details
- Uploaded by: Shishir Subedi
- Uploaded to: Jammy
- Original maintainer: Ubuntu Developers
- Architectures: all
- Section: net
- Urgency: Medium Urgency
Publishing
| Series | Published | Component | Section |
|---|---|---|---|
| Jammy | updates | universe | misc |
| Jammy | security | universe | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| pagure_5.11.3+dfsg.orig.tar.xz | 3.8 MiB | 4f04ea823f10491d2457346af720764dae9176ede4a94525f3b90babc6a1403a |
| pagure_5.11.3+dfsg-1ubuntu0.1.debian.tar.xz | 26.2 KiB | d353df984d3989c39ab1479747da14e17fcb8bc691468703f2e33d0888adf9d5 |
| pagure_5.11.3+dfsg-1ubuntu0.1.dsc | 3.1 KiB | bc35fde7ea36d84530b3fb6a948ce063856835876976d613e6b78f8789d2a5b0 |
Binary packages built by this source
- pagure: git-centered forge using pygit2
Pagure is a git-centered forge, Python based using pygit2.
.
With pagure you can host your project with its documentation, let your
users report issues or request enhancements using the ticketing system
and build your community of contributors by allowing them to fork your
projects and contribute to it via the now-popular pull-request
mechanism.
.
You may also be interested in other packages to enhance the
functionality of pagure:
* pagure-ev-server
* pagure-milters
* pagure-webhook
* pagure-ci
* pagure-loadjson
* pagure-logcom
* pagure-mirror
- pagure-ci: git-centered forge using pygit2 - CI integration server
Pagure is a git-centered forge, Python based using pygit2.
.
pagure-ci is a service integrating the results of Continuous
Integration (CI) services, such as jenkins, into pull-requests opened
against your project on pagure.
- pagure-doc: git-centered forge using pygit2 (documentation)
Pagure is a git-centered forge, Python based using pygit2.
.
With pagure you can host your project with its documentation, let your
users report issues or request enhancements using the ticketing system
and build your community of contributors by allowing them to fork your
projects and contribute to it via the now-popular pull-request
mechanism.
.
This is the common documentation package.
- pagure-ev-server: git-centered forge using pygit2 - EventSource server
Pagure is a git-centered forge, Python based using pygit2.
.
pagure-ev-server is used to allow live-refreshing of a page when someone
is viewing it. For example, while you are reading a ticket if someone
comments on it, the comment will automatically show up on the page
without the need for you to reload the entire page.
- pagure-loadjson: git-centered forge using pygit2 - JSON load server
Pagure is a git-centered forge, Python based using pygit2.
.
This service loads into the database the JSON files representing
issues (and in the future also the pull-requests).
.
It is triggered by a git hook, which sends a notification that a push
happened. This service receives the notification, finds the list
of files that changed and loads them into the database.
- pagure-logcom: git-centered forge using pygit2 - commit log server
Pagure is a git-centered forge, Python based using pygit2.
.
This service logs the user's commits in the database so that they can
be displayed.
.
It is triggered by a git hook, which sends a notification that a push
happened. This service receives the notification, goes over all of
the commits that got pushed and logs the activity corresponding to
that user.
- pagure-milters: git-centered forge using pygit2 - milters (mail filters)
Pagure is a git-centered forge, Python based using pygit2.
.
pagure-milters is used to allow replying on a comment of a ticket or a
pull-request by directly replying to the notification sent. No need
to go to the page anymore to reply to a comment someone made.
.
It integrates with an MTA such as postfix or sendmail that you will
have running and have access to in order to change its configuration.
- pagure-mirror: git-centered forge using pygit2 - mirror
Pagure is a git-centered forge, Python based using pygit2.
.
pagure-mirror is the service mirroring projects that asked for it
outside of this pagure instance.
- pagure-webhook: git-centered forge using pygit2 - web-hook server
Pagure is a git-centered forge, Python based using pygit2.
.
pagure-webhook sends notifications to third party services using POST
http requests.
