x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-gw5h-h6hj-f56g

[GoVulnBot]

In GitHub Security Advisory GHSA-gw5h-h6hj-f56g, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
gogs.io/gogs	0.12.5	< 0.12.5

See doc/triage.md for instructions on how to triage this report.

package: gogs.io/gogs
versions:
  - introduced: v0.0.0
    fixed: v0.12.5
description: "### Impact\n\nExpired PAM accounts and accounts with expired passwords
    are continued to be seen as valid. Installations use PAM as authentication sources
    are affected.\n\n### Patches\n\nExpired PAM accounts and accounts with expired
    passwords are no longer being seen as valid. Users should upgrade to 0.12.5 or
    the latest 0.13.0+dev.\n\n### Workarounds\n\nIn addition to marking PAM accounts
    as expired, also disable/lock them. Running `usermod -L <username>` will add an
    exclamation mark to the password hash and would result in wrong passwords responses
    when trying to login. \n\n### References\n\nhttps://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62/\n\n###
    For more information\n\nIf you have any questions or comments about this advisory,
    please post on https://github.com/gogs/gogs/issues/6810.\n"
published: 2022-03-14T22:58:37Z
last_modified: 2022-03-18T13:33:47Z
ghsas:
  - GHSA-gw5h-h6hj-f56g

[neild]

Vulnerability in tool.

[gopherbot]

Change https://go.dev/cl/592767 mentions this issue: data/reports: unexclude 50 reports

[gopherbot]

Change https://go.dev/cl/607217 mentions this issue: data/reports: unexclude 20 reports (15)