FreeBSD Bugzilla – Attachment 229671 Details for
Bug 259994
net-im/py-matrix-synapse: Security update to 1.47.1
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuxml for CVE-2021-41281
py-matrix-synapse_1.47.1_vuxml.diff (text/plain), 1.81 KB, created by
Evilham
on 2021-11-23 15:49:23 UTC
(
hide
)
Description:
vuxml for CVE-2021-41281
Filename:
MIME Type:
Creator:
Evilham
Created:
2021-11-23 15:49:23 UTC
Size:
1.81 KB
patch
obsolete
>diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml >index 909c8fe96f1e..74463ed364ca 100644 >--- a/security/vuxml/vuln-2021.xml >+++ b/security/vuxml/vuln-2021.xml >@@ -1,3 +1,45 @@ >+ <vuln vid="27aa2253-4c72-11ec-b6b9-e86a64caca56"> >+ <topic>py-matrix-synapse -- several vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>py36-matrix-synapse</name> >+ <name>py37-matrix-synapse</name> >+ <name>py38-matrix-synapse</name> >+ <name>py39-matrix-synapse</name> >+ <name>py310-matrix-synapse</name> >+ <range><lt>1.47.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Matrix developers report:</p> >+ <blockquote cite="https://matrix.org/blog/2021/11/23/synapse-1-47-1-released"> >+ <p>This release patches one high severity issue affecting >+ Synapse installations 1.47.0 and earlier using the media repository. >+ An attacker could cause these Synapses to download a remote file >+ and store it in a directory outside the media repository.</p> >+ <p>Note that:</p> >+ <ul> >+ <li>This only affects homeservers using Synapse's built-in media >+ repository, as opposed to synapse-s3-storage-provider or >+ matrix-media-repo.</li> >+ <li>Attackers cannot control the exact name or destination of the >+ stored file.</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <freebsdpr>ports/259994</freebsdpr> >+ <cvename>CVE-2021-41281</cvename> >+ <url>https://matrix.org/blog/2021/11/23/synapse-1-47-1-released</url> >+ </references> >+ <dates> >+ <discovery>2021-11-18</discovery> >+ <entry>2021-11-23</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="0bf816f6-3cfe-11ec-86cd-dca632b19f10"> > <topic>advancecomp -- multiple vulnerabilities</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=229671">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 259994
:
229668
| 229671