FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC.

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 38d2df4d-b143-11e9-87e7-901b0e934d69
Description: py-matrix-synapse -- multiple vulnerabilities

Matrix developers report:

The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation:

  • Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms.
  • Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely.
  • Prevent an attack where users could be joined or parted from public rooms without their consent.
  • Fix a vulnerability where a federated server could spoof read-receipts from users on other servers.
  • It was possible for a room moderator to send a redaction for an m.room.create event, which would downgrade the room to version 1.

Discovery: 2019-07-26
Entry: 2019-07-28
Affected packages (versions < 1.2.1):

  • py27-matrix-synapse
  • py35-matrix-synapse
  • py36-matrix-synapse
  • py37-matrix-synapse

https://matrix.org/blog/2019/07/26/critical-security-update-synapse-1-2-1-released
https://github.com/matrix-org/synapse/releases/tag/v1.2.1
VuXML ID: 383931ba-1818-11e9-92ea-448a5b29e8a9
Description: py-matrix-synapse -- undisclosed vulnerability

Matrix developers report:

The matrix team announces the availability of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885.

Discovery: 2019-01-10
Entry: 2019-01-15
Affected packages (versions < 0.34.1.1):

  • py27-matrix-synapse
  • py35-matrix-synapse
  • py36-matrix-synapse
  • py37-matrix-synapse

CVE-2019-5885
https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/