FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-06 12:07:22 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
383931ba-1818-11e9-92ea-448a5b29e8a9	py-matrix-synapse -- undisclosed vulnerability Matrix developers report: The matrix team announces the availablility of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885. Discovery 2019-01-10 Entry 2019-01-15 py27-matrix-synapse py35-matrix-synapse py36-matrix-synapse py37-matrix-synapse < 0.34.1.1 CVE-2019-5885 https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
38d2df4d-b143-11e9-87e7-901b0e934d69	py-matrix-synapse -- multiple vulnerabilities Matrix developers report: The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation: Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. Prevent an attack where users could be joined or parted from public rooms without their consent. Fix a vulnerability where a federated server could spoof read-receipts from users on other servers. It was possible for a room moderator to send a redaction for an m.room.create event, which would downgrade the room to version 1. Discovery 2019-07-26 Entry 2019-07-28 py27-matrix-synapse py35-matrix-synapse py36-matrix-synapse py37-matrix-synapse < 1.2.1 https://matrix.org/blog/2019/07/26/critical-security-update-synapse-1-2-1-released https://github.com/matrix-org/synapse/releases/tag/v1.2.1

VuXML ID

Description

383931ba-1818-11e9-92ea-448a5b29e8a9

py-matrix-synapse -- undisclosed vulnerability

Matrix developers report:

The matrix team announces the availablility of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885.

Discovery 2019-01-10
Entry 2019-01-15
py27-matrix-synapse
py35-matrix-synapse
py36-matrix-synapse
py37-matrix-synapse

< 0.34.1.1

CVE-2019-5885
https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/

38d2df4d-b143-11e9-87e7-901b0e934d69

py-matrix-synapse -- multiple vulnerabilities

Matrix developers report:

The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation:

Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms.

Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely.

Prevent an attack where users could be joined or parted from public rooms without their consent.

Fix a vulnerability where a federated server could spoof read-receipts from users on other servers.

It was possible for a room moderator to send a redaction for an m.room.create event, which would downgrade the room to version 1.

Discovery 2019-07-26
Entry 2019-07-28
py27-matrix-synapse
py35-matrix-synapse
py36-matrix-synapse
py37-matrix-synapse

< 1.2.1

https://matrix.org/blog/2019/07/26/critical-security-update-synapse-1-2-1-released
https://github.com/matrix-org/synapse/releases/tag/v1.2.1