[Bug 259994] net-im/py-matrix-synapse: Security update to 1.47.1

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 259994] net-im/py-matrix-synapse: Security update to 1.47.1"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 259994] net-im/py-matrix-synapse: Security update to 1.47.1"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 23 Nov 2021 14:36:02 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259994

            Bug ID: 259994
           Summary: net-im/py-matrix-synapse: Security update to 1.47.1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/matrix-org/synapse/releases/tag/v1.
                    47.1
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: ports@skyforge.at
 Attachment #229668 maintainer-approval+
             Flags:
             Flags: merge-quarterly?

Created attachment 229668
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=229668&action=edit
net-im/py-matrix-synapse: Update to 1.47.1

This updates py-matrix-synapse to 1.47.1, which fixes a critical path traversal
vulnerability when downloading remote media, see [1].

portlint: "OK" (3 Warnings, none new)
testport: OK (poudriere: 130amd64)
do-test: OK (Ran 2017 tests in 1007.761s, PASSED (skips=36, successes=1981))

Since this affects all versions of synapse we should probably MFH it to our
quarterly branch, if possible. I'll also try and write a vuln.xml entry later
tonight.

Cheers,
Sascha

[1]
https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c

-- 
You are receiving this mail because:
You are the assignee for the bug.