View | Details | Raw Unified | Return to bug 258187 | Differences between
and this patch

Collapse All | Expand All

(-)b/security/vuxml/vuln-2021.xml (+39 lines)
Lines 1-3 Link Here
1
  <vuln vid="a67e358c-0bf6-11ec-875e-901b0e9408dc">
2
    <topic>py-matrix-synapse -- several vulnerabilities</topic>
3
    <affects>
4
      <package>
5
	<name>py36-matrix-synapse</name>
6
	<name>py37-matrix-synapse</name>
7
	<name>py38-matrix-synapse</name>
8
	<name>py39-matrix-synapse</name>
9
	<name>py310-matrix-synapse</name>
10
	<range><lt>1.41.1</lt></range>
11
      </package>
12
    </affects>
13
    <description>
14
      <body xmlns="http://www.w3.org/1999/xhtml">
15
	<p>Matrix developers report:</p>
16
	<blockquote cite="https://matrix.org/blog/2021/08/31/synapse-1-41-1-released">
17
	  <p>This release patches two moderate severity issues which
18
	  could reveal metadata about private rooms:</p>
19
	  <ul>
20
	    <li>CVE-2021-39164: Enumerating a private room's list of
21
	    members and their display names.</li>
22
	    <li>CVE-2021-39163: Disclosing a private room's name,
23
	    avatar, topic, and number of members.</li>
24
	  </ul>
25
	</blockquote>
26
      </body>
27
    </description>
28
    <references>
29
      <freebsdpr>ports/258187</freebsdpr>
30
      <cvename>CVE-2021-39164</cvename>
31
      <cvename>CVE-2021-39163</cvename>
32
      <url>https://matrix.org/blog/2021/08/31/synapse-1-41-1-released</url>
33
    </references>
34
    <dates>
35
      <discovery>2021-08-31</discovery>
36
      <entry>2021-09-02</entry>
37
    </dates>
38
  </vuln>
39
1
  <vuln vid="032643d7-0ba7-11ec-a689-080027e50e6d">
40
  <vuln vid="032643d7-0ba7-11ec-a689-080027e50e6d">
2
    <topic>Python -- multiple vulnerabilities</topic>
41
    <topic>Python -- multiple vulnerabilities</topic>
3
    <affects>
42
    <affects>

Return to bug 258187