Date: Tue, 31 Aug 2021 19:48:46 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 258187] net-im/py-matrix-synapse: Security update to 1.41.1 Message-ID: <bug-258187-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D258187 Bug ID: 258187 Summary: net-im/py-matrix-synapse: Security update to 1.41.1 Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/matrix-org/synapse/releases/tag/v1. 41.1 OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: ports@skyforge.at Attachment #227574 maintainer-approval+ Flags: Created attachment 227574 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D227574&action= =3Dedit net-im/py-matrix-synapse: Update to 1.41.1 The attached patch is a simple version bump to update net-im/py-matrix-syna= pse to 1.41.1. This release contains fixes for two vulnerabilities [1], [2], wh= ich may expose room metadata and membership information to unauthorized users. = The vulnerability affects all versions of net-im/py-matrix-synapse prior to 1.4= 1.1. portlint: "OK" (3 Warnings, none new) testport: OK (poudriere: 130amd64) do-test: OK (Ran 1789 tests in 854.478s, PASSED (skips=3D36, successes=3D17= 53)) I've been running the resulting package in production for the past few hours and things look fine, so I don't expect any fallout here. This should proba= bly also be merged back to quarterly, if possible. I'll also try and write a vu= xml entry tomorrow. [1] https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w= 3q [2] https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2= w2 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-258187-7788>