x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-65f3-3278-7m65

[julieqiu]

In GitHub Security Advisory GHSA-65f3-3278-7m65, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
gogs.io/gogs	0.12.5	< 0.12.5

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: gogs.io/gogs
    versions:
      - fixed: 0.12.5
description: "### Impact\n\nExpired PAM accounts and accounts with expired passwords
    are continued to be seen as valid. Installations use PAM as authentication sources
    are affected.\n\n### Patches\n\nExpired PAM accounts and accounts with expired
    passwords are no longer being seen as valid. Users should upgrade to 0.12.5 or
    the latest 0.13.0+dev.\n\n### Workarounds\n\nIn addition to marking PAM accounts
    as expired, also disable/lock them. Running `usermod -L <username>` will add an
    exclamation mark to the password hash and would result in wrong passwords responses
    when trying to login. \n\n### References\n\nhttps://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62/\n\n###
    For more information\n\nIf you have any questions or comments about this advisory,
    please post on https://github.com/gogs/gogs/issues/6810.\n"
published: 2022-03-12T00:00:34Z
last_modified: 2022-03-29T19:10:32Z
cves:
  - CVE-2022-0871
ghsas:
  - GHSA-65f3-3278-7m65
links:
    context:
      - https://github.com/advisories/GHSA-65f3-3278-7m65

[tatianab]

Code is not importable