FreeBSD Bugzilla – Attachment 216156 Details for Bug 247720: net-im/py-matrix-synapse: Update to 1.15.2 (security)
[patch] py-matrix-synapse 1.15.2 vuln.xml entry (patch format)
py-matrix-synapse-1.15.2-vuxml.patch (text/plain), 1.83 KB, created by Sascha Biberhofer on 2020-07-03 06:44:41 UTC
>diff -Naur security/vuxml.orig/vuln.xml security/vuxml/vuln.xml >--- security/vuxml.orig/vuln.xml 2020-07-02 19:21:57.000000000 +0000 >+++ security/vuxml/vuln.xml 2020-07-03 06:41:26.921291000 +0000 >@@ -58,6 +58,37 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="2f61c757-bc81-11ea-88cc-901b0e934d69"> >+ <topic>py-matrix-synapse -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>py36-matrix-synapse</name> >+ <name>py37-matrix-synapse</name> >+ <name>py38-matrix-synapse</name> >+ <range><lt>1.15.2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Matrix developers report:</p> >+ <blockquote cite="https://github.com/matrix-org/synapse/releases/tag/v1.15.2"> >+ <p>Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.</p> >+ <ul> >+ <li>A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers.</li> >+ <li>HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade.</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/matrix-org/synapse/releases/tag/v1.15.2</url> >+ </references> >+ <dates> >+ <discovery>2020-07-02</discovery> >+ <entry>2020-07-02</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="0a305431-bc98-11ea-a051-001b217b3468"> > <topic>Gitlab -- Multiple Vulnerabilities</topic> > <affects>
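Review bot: In the `<dates>` block at the end of the new entry, `<entry>2020-07-02</entry>` is earlier than the patch's own file timestamp (2020-07-03 06:41) and the attachment date. `<entry>` records the day the entry is added to vuln.xml, so it should be set to the commit date rather than copied from `<discovery>`. As a style point, the `<p>` and both `<li>` elements inside the `<blockquote>` are each a single very long line; wrapping them would keep future diffs of the file readable. The `<references>` block carries only the release URL; if CVE identifiers have been assigned for the two issues, they belong there as `<cvename>` entries.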
Flags: ports: maintainer-approval+
Attachments on bug 247720: 216148 | 216149 | 216156