mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-05 06:27:37 +00:00
Code Issues Releases Activity

Document net-im/py-matrix-synapse vulnerabilities

Browse Source 
PR:		241574
Submitted by:	Sascha Biberhofer <ports@skyforge.at>
This commit is contained in:
Bernhard Froehlich 2019-11-28 15:44:53 +00:00
parent 528642ff5c
commit 4477671a38
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=518587
1 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
security/vuxml/vuln.xml
View File

@ -58,6 +58,63 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="9c36d41c-11df-11ea-9b6d-901b0e934d69">
<topic>py-matrix-synapse -- incomplete cleanup of 3rd-party-IDs on user deactivation</topic>
<affects>
<package>
<name>py35-matrix-synapse</name>
<name>py36-matrix-synapse</name>
<name>py37-matrix-synapse</name>
<range><lt>1.6.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matrix developers report:</p>
<blockquote cite="https://github.com/matrix-org/synapse/releases/tag/v1.6.1">
<p>Clean up local threepids from user on account deactivation.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/matrix-org/synapse/releases/tag/v1.6.1</url>
<url>https://github.com/matrix-org/synapse/pull/6426</url>
</references>
<dates>
<discovery>2019-11-28</discovery>
<entry>2019-11-28</entry>
</dates>
</vuln>
<vuln vid="42675046-fa70-11e9-ba4e-901b0e934d69">
<topic>py-matrix-synapse -- missing signature checks on some federation APIs</topic>
<affects>
<package>
<name>py35-matrix-synapse</name>
<name>py36-matrix-synapse</name>
<name>py37-matrix-synapse</name>
<range><lt>1.5.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matrix developers report:</p>
<blockquote cite="https://github.com/matrix-org/synapse/pull/6262">
<p>Make sure that [...] events sent over /send_join, /send_leave, and
/invite, are correctly signed and come from the expected servers.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/matrix-org/synapse/pull/6262</url>
<url>https://github.com/matrix-org/synapse/releases/tag/v1.5.0</url>
</references>
<dates>
<discovery>2019-10-29</discovery>
<entry>2019-10-29</entry>
</dates>
</vuln>
<vuln vid="4ce7c28a-11ac-11ea-b537-001b217b3468">
<topic>Gitlab -- Multiple Vulnerabilities</topic>
<affects>