[Bug 259994] net-im/py-matrix-synapse: Security update to 1.47.1
Date: Tue, 23 Nov 2021 14:36:02 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259994 Bug ID: 259994 Summary: net-im/py-matrix-synapse: Security update to 1.47.1 Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/matrix-org/synapse/releases/tag/v1. 47.1 OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: ports@skyforge.at Attachment #229668 maintainer-approval+ Flags: Flags: merge-quarterly? Created attachment 229668 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=229668&action=edit net-im/py-matrix-synapse: Update to 1.47.1 This updates py-matrix-synapse to 1.47.1, which fixes a critical path traversal vulnerability when downloading remote media, see [1]. portlint: "OK" (3 Warnings, none new) testport: OK (poudriere: 130amd64) do-test: OK (Ran 2017 tests in 1007.761s, PASSED (skips=36, successes=1981)) Since this affects all versions of synapse we should probably MFH it to our quarterly branch, if possible. I'll also try and write a vuln.xml entry later tonight. Cheers, Sascha [1] https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c -- You are receiving this mail because: You are the assignee for the bug.