FreeBSD Bugzilla – Attachment 220470 Details for
Bug 251768
net-im/py-matrix-synapse: Update to 1.24.0
[patch] vuxml: add entry for CVE-2020-26257
vuxml_py-matrix-synapse_1.24.0.diff (text/plain), 1.86 KB, created by Evilham on 2020-12-11 23:34:17 UTC
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 557764) >+++ vuln.xml (working copy) >@@ -58,6 +58,46 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="452b3b2a-3c06-11eb-adb6-e86a64caca56"> >+ <topic>py-matrix-synapse -- DoS on Federation API</topic> >+ <affects> >+ <package> >+ <name>py36-matrix-synapse</name> >+ <name>py37-matrix-synapse</name> >+ <name>py38-matrix-synapse</name> >+ <name>py39-matrix-synapse</name> >+ <range><lt>1.23.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Matrix developers reports:</p> >+ <blockquote cite="https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm"> >+ <p>A malicious or poorly-implemented homeserver can inject malformed >+ events into a room by specifying a different room id in the path of >+ a /send_join, /send_leave, /invite or /exchange_third_party_invite >+ request. >+ >+ This can lead to a denial of service in which future events will >+ not be correctly sent to other servers over federation. >+ >+ This affects any server which accepts federation requests from >+ untrusted servers.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2020-26257</cvename> >+ <url>https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm</url> >+ <url>https://github.com/matrix-org/synapse/releases/tag/v1.24.0</url> >+ <freebsdpr>ports/251768</freebsdpr> >+ </references> >+ <dates> >+ <discovery>2020-12-09</discovery> >+ <entry>2020-12-11</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="88dfd92f-3b9c-11eb-929d-d4c9ef517024"> > <topic>LibreSSL -- NULL pointer dereference</topic> > <affects>
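Review bot: The affected range in the new entry is <lt>1.23.1</lt>, yet the only release linked under <references> is the v1.24.0 tag, so the entry does not show which release carries the fix. Link the release that matches the range boundary (keeping the v1.24.0 link only if it adds information), or adjust the range if 1.24.0 is the first fixed version. In <description>, the three quoted paragraphs sit in a single <p> separated by blank lines and will render as one run of text; give each its own <p> inside the blockquote. "Matrix developers reports:" should read "Matrix developers report:".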
Flags: contact: maintainer-approval+