FreeBSD Bugzilla – Attachment 218143 Details for
Bug 249375
net-im/py-matrix-synapse: Update to 1.19.3
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Updated vuxml entry for py-matrix-synapse 1.19.1 and below
vuxml-synapse-1.19.2.diff (text/plain), 1.70 KB, created by
Denis Kasak
on 2020-09-21 11:33:04 UTC
(
hide
)
Description:
Updated vuxml entry for py-matrix-synapse 1.19.1 and below
Filename:
MIME Type:
Creator:
Denis Kasak
Created:
2020-09-21 11:33:04 UTC
Size:
1.70 KB
patch
obsolete
>--- vuln.xml.orig 2020-09-21 12:50:23.946846000 +0200 >+++ vuln.xml 2020-09-21 13:08:06.720385000 +0200 >@@ -58,6 +58,39 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="4a9611b6-f823-11ea-a00e-901b0e934d69"> >+ <topic>py-matrix-synapse -- malformed events may prevent users from joining federated rooms</topic> >+ <affects> >+ <package> >+ <name>py36-matrix-synapse</name> >+ <name>py37-matrix-synapse</name> >+ <name>py38-matrix-synapse</name> >+ <range><lt>1.19.2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <h1>Problem Description:</h1> >+ <p>Affected Synapse versions assume that all events have an "origin" field set. If an event >+ without the "origin" field is sent into a federated room, servers not already joined to >+ the room will be unable to do so due to failing to fetch the malformed event.</p> >+ <h1>Impact:</h1> >+ <p>An attacker could cause a denial of service by deliberately sending a malformed event >+ into a room, thus preventing new servers (and thus their users) from joining the >+ room.</p> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/matrix-org/synapse/issues/8319</url> >+ <url>https://github.com/matrix-org/synapse/pull/8324</url> >+ <url>https://github.com/matrix-org/synapse/releases/tag/v1.19.2</url> >+ </references> >+ <dates> >+ <discovery>2020-09-16</discovery> >+ <entry>2020-09-21</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="2cb21232-fb32-11ea-a929-a4bf014bf5f7"> > <topic>Python -- multiple vulnerabilities</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=218143">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 249375
:
218006
|
218007
|
218081
| 218143