Attachment #227608 for bug #258187

View | Details | Raw Unified | Return to bug 258187 | Differences between
Collapse All | Expand All




  <vuln vid="a67e358c-0bf6-11ec-875e-901b0e9408dc">
    <topic>py-matrix-synapse -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-matrix-synapse</name>
	<name>py37-matrix-synapse</name>
	<name>py38-matrix-synapse</name>
	<name>py39-matrix-synapse</name>
	<name>py310-matrix-synapse</name>
	<range><lt>1.41.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2021/08/31/synapse-1-41-1-released">
	  <p>This release patches two moderate severity issues which
	  could reveal metadata about private rooms:</p>
	  <ul>
	    <li>CVE-2021-39164: Enumerating a private room's list of
	    members and their display names.</li>
	    <li>CVE-2021-39163: Disclosing a private room's name,
	    avatar, topic, and number of members.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdpr>ports/258187</freebsdpr>
      <cvename>CVE-2021-39164</cvename>
      <cvename>CVE-2021-39163</cvename>
      <url>https://matrix.org/blog/2021/08/31/synapse-1-41-1-released</url>
    </references>
    <dates>
      <discovery>2021-08-31</discovery>
      <entry>2021-09-02</entry>
    </dates>
  </vuln>

  <vuln vid="032643d7-0ba7-11ec-a689-080027e50e6d">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>

Return to bug 258187

Lines 1-3 Link Here

(-)b/security/vuxml/vuln-2021.xml (+39 lines)
		1	<vuln vid="a67e358c-0bf6-11ec-875e-901b0e9408dc">
		2	<topic>py-matrix-synapse -- several vulnerabilities</topic>
		3	<affects>
		4	<package>
		5	<name>py36-matrix-synapse</name>
		6	<name>py37-matrix-synapse</name>
		7	<name>py38-matrix-synapse</name>
		8	<name>py39-matrix-synapse</name>
		9	<name>py310-matrix-synapse</name>
		10	<range><lt>1.41.1</lt></range>
		11	</package>
		12	</affects>
		13	<description>
		14	<body xmlns="http://www.w3.org/1999/xhtml">
		15	<p>Matrix developers report:</p>
		16	<blockquote cite="https://matrix.org/blog/2021/08/31/synapse-1-41-1-released">
		17	<p>This release patches two moderate severity issues which
		18	could reveal metadata about private rooms:</p>
		19	<ul>
		20	<li>CVE-2021-39164: Enumerating a private room's list of
		21	members and their display names.</li>
		22	<li>CVE-2021-39163: Disclosing a private room's name,
		23	avatar, topic, and number of members.</li>
		24	</ul>
		25	</blockquote>
		26	</body>
		27	</description>
		28	<references>
		29	<freebsdpr>ports/258187</freebsdpr>
		30	<cvename>CVE-2021-39164</cvename>
		31	<cvename>CVE-2021-39163</cvename>
		32	<url>https://matrix.org/blog/2021/08/31/synapse-1-41-1-released</url>
		33	</references>
		34	<dates>
		35	<discovery>2021-08-31</discovery>
		36	<entry>2021-09-02</entry>
		37	</dates>
		38	</vuln>
		39
1	<vuln vid="032643d7-0ba7-11ec-a689-080027e50e6d">	40	<vuln vid="032643d7-0ba7-11ec-a689-080027e50e6d">
2	<topic>Python -- multiple vulnerabilities</topic>	41	<topic>Python -- multiple vulnerabilities</topic>
3	<affects>	42	<affects>