Summary: | net-im/py-matrix-synapse: Security update to 1.21.2 | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Sascha Biberhofer <ports> | ||||||||
Component: | Individual Port(s) | Assignee: | Danilo G. Baio <dbaio> | ||||||||
Status: | Closed FIXED | ||||||||||
Severity: | Affects Many People | CC: | dbaio, fernape, jordan | ||||||||
Priority: | --- | Keywords: | security | ||||||||
Version: | Latest | Flags: | fernape:
merge-quarterly+
|
||||||||
Hardware: | Any | ||||||||||
OS: | Any | ||||||||||
URL: | https://github.com/matrix-org/synapse/releases/tag/v1.21.2 | ||||||||||
Attachments: |
|
Description
Sascha Biberhofer
2020-09-27 20:32:17 UTC
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field. Thanks! Created attachment 218809 [details] net-im/py-matrix-synapse: update to 1.21.2 The synapse developers have released 1.21.0 and the subsequent minor updates 1.21.1 and 1.21.2 yesterday. This update includes a security update for an XSS vulnerability, see [1] and [2]. I've updates the patch to bump the version of the port to 1.21.2 and synced the dependencies with those required by upstream. portlint: "OK" (3 Warnings, none new) testport: OK (poudriere: 121amd64) do-test: OK (Ran 1241 tests in 459.405s, PASSED (skips=13, successes=1228)) I've been testing the resulting package on my server and things seem to be running fine. I will also provide a vuxml entry for this issue. Cheers, Sascha [1] https://github.com/matrix-org/synapse/releases/tag/v1.21.2 [2] https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq Created attachment 218811 [details]
vuxml: Add entry for py-matrix-synapse XSS vulnerability
The aforementioned vuxml entry. Passes `make validate`.
A commit references this bug: Author: dbaio Date: Sat Oct 17 13:50:27 UTC 2020 New revision: 552574 URL: https://svnweb.freebsd.org/changeset/ports/552574 Log: security/vuxml: Document net-im/py-matrix-synapse issue PR: 249948 Submitted by: Sascha Biberhofer <ports@skyforge.at> Security: CVE-2020-26891 Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: dbaio Date: Sat Oct 17 14:34:51 UTC 2020 New revision: 552582 URL: https://svnweb.freebsd.org/changeset/ports/552582 Log: net-im/py-matrix-synapse: Update to 1.21.2, Fix security issue Changelog: https://github.com/matrix-org/synapse/blob/v1.21.2/CHANGES.md PR: 249948 Submitted by: Sascha Biberhofer <ports@skyforge.at> (maintainer) MFH: 2020Q4 Security: 5f39d80f-107c-11eb-8b47-641c67a117d8 Changes: head/net-im/py-matrix-synapse/Makefile head/net-im/py-matrix-synapse/distinfo head/net-im/py-matrix-synapse/files/patch-synapse_python__dependencies.py A commit references this bug: Author: dbaio Date: Sat Oct 17 17:29:05 UTC 2020 New revision: 552601 URL: https://svnweb.freebsd.org/changeset/ports/552601 Log: MFH: r552582 net-im/py-matrix-synapse: Update to 1.21.2, Fix security issue Changelog: https://github.com/matrix-org/synapse/blob/v1.21.2/CHANGES.md PR: 249948 Submitted by: Sascha Biberhofer <ports@skyforge.at> (maintainer) Security: 5f39d80f-107c-11eb-8b47-641c67a117d8 Approved by: ports-secteam (joneum) Changes: _U branches/2020Q4/ branches/2020Q4/net-im/py-matrix-synapse/Makefile branches/2020Q4/net-im/py-matrix-synapse/distinfo branches/2020Q4/net-im/py-matrix-synapse/files/patch-synapse_python__dependencies.py Committed, thanks! |