FreeBSD Bugzilla – Attachment 218007 Details for
Bug 249375
net-im/py-matrix-synapse: Update to 1.19.3
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Add a vuxml entry for py-matrix-synapse 1.19.1 and below
vuxml-py-matrix-synapse-1.19.2.patch (text/plain), 1.79 KB, created by
Sascha Biberhofer
on 2020-09-16 14:17:40 UTC
(
hide
)
Description:
Add a vuxml entry for py-matrix-synapse 1.19.1 and below
Filename:
MIME Type:
Creator:
Sascha Biberhofer
Created:
2020-09-16 14:17:40 UTC
Size:
1.79 KB
patch
obsolete
>commit 4c1c0d03cb732bb0f5cb591398aec6fcbdf5911f >Author: Sascha Biberhofer <sascha.biberhofer@skyforge.at> >Date: Wed Sep 16 16:07:35 2020 +0200 > > security/vuxml: Add entry for py-matrix-synapse-1.19.2 > > Signed-off-by: Sascha Biberhofer <sascha.biberhofer@skyforge.at> > >diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml >index b78768d10d06..c51250e4f421 100644 >--- a/security/vuxml/vuln.xml >+++ b/security/vuxml/vuln.xml >@@ -58,6 +58,35 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="4a9611b6-f823-11ea-a00e-901b0e934d69"> >+ <topic>py-matrix-synapse -- malformed events may prevent users from joining federated rooms</topic> >+ <affects> >+ <package> >+ <name>py36-matrix-synapse</name> >+ <name>py37-matrix-synapse</name> >+ <name>py38-matrix-synapse</name> >+ <range><lt>1.19.2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Matrix developers report:</p> >+ <blockquote cite="https://github.com/matrix-org/synapse/issues/8319"> >+ <p>Apparently Synapse incorrectly accepts [events without the required origin field] normally, but joining the room via another server breaks it [...].</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/matrix-org/synapse/issues/8319</url> >+ <url>https://github.com/matrix-org/synapse/pull/8324</url> >+ <url>https://github.com/matrix-org/synapse/releases/tag/v1.19.2</url> >+ </references> >+ <dates> >+ <discovery>2020-09-16</discovery> >+ <entry>2020-09-16</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="7b630362-f468-11ea-a96c-08002728f74c"> > <topic>Rails -- Potential XSS vulnerability</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=218007">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
ports
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 249375
:
218006
| 218007 |
218081
|
218143