Skip to content

Add Gitea archive token-scope fix references#8323

Open
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8323from
cookesan:gitea-cr4g-fix-references
Open

Add Gitea archive token-scope fix references#8323
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8323from
cookesan:gitea-cr4g-fix-references

Conversation

@cookesan

@cookesan cookesan commented Jun 29, 2026

Copy link
Copy Markdown

Adds Gitea archive token-scope fix references to GHSA-cr4g-f395-h25h.

Audit refresh, July 8, 2026:

  • Confirmed the live PR is open, ready for review, merge-clean, and the visible advisory check is green.
  • Rechecked the merge-base diff: exactly one advisory JSON file changes (advisories/github-reviewed/2026/06/GHSA-cr4g-f395-h25h/GHSA-cr4g-f395-h25h.json), JSON parses, git diff --check passes, and the exact-head worktree is clean.
  • Revalidated the added public references in the diff; all resolve through their source site or registry.

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8323 June 29, 2026 18:54
@cookesan

cookesan commented Jul 7, 2026

Copy link
Copy Markdown
Author

Maintainer audit: this only expands the reference set for the Gitea archive token-scope advisory. go-gitea/gitea#37735 and the release/v1.26 backport #37757 are merged, release-branch commit 9c0ad8291b43cdc3aff32609ad14766635a458a2 resolves, the v1.26.2 release/blog and Go module record resolve, and CVE-2026-20706 is present in NVD. The advisory JSON parses, the committed diff passes git diff --check, the PR is merge-clean, and advisory processing is successful. No package, affected range, severity, or database metadata is changed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant