mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-18 19:49:40 +00:00
security/vuxml: Document py-matrix-synapse vulnerabilities
PR: 258187 Reported by: Sascha Biberhofer <ports@skyforge.at> Security: a67e358c-0bf6-11ec-875e-901b0e9408dc Security: CVE-2021-39163 Security: CVE-2021-39164
This commit is contained in:
parent
4389726ad1
commit
1d03404150
@ -1,3 +1,42 @@
|
||||
<vuln vid="a67e358c-0bf6-11ec-875e-901b0e9408dc">
|
||||
<topic>py-matrix-synapse -- several vulnerabilities</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>py36-matrix-synapse</name>
|
||||
<name>py37-matrix-synapse</name>
|
||||
<name>py38-matrix-synapse</name>
|
||||
<name>py39-matrix-synapse</name>
|
||||
<name>py310-matrix-synapse</name>
|
||||
<range><lt>1.41.1</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Matrix developers report:</p>
|
||||
<blockquote cite="https://matrix.org/blog/2021/08/31/synapse-1-41-1-released">
|
||||
<p>This release patches two moderate severity issues which
|
||||
could reveal metadata about private rooms:</p>
|
||||
<ul>
|
||||
<li>CVE-2021-39164: Enumerating a private room's list of
|
||||
members and their display names.</li>
|
||||
<li>CVE-2021-39163: Disclosing a private room's name,
|
||||
avatar, topic, and number of members.</li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<freebsdpr>ports/258187</freebsdpr>
|
||||
<cvename>CVE-2021-39164</cvename>
|
||||
<cvename>CVE-2021-39163</cvename>
|
||||
<url>https://matrix.org/blog/2021/08/31/synapse-1-41-1-released</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2021-08-31</discovery>
|
||||
<entry>2021-09-02</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="032643d7-0ba7-11ec-a689-080027e50e6d">
|
||||
<topic>Python -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
Loading…
Reference in New Issue
Block a user