[Bug 283350] net-im/py-matrix-synapse: Update to 1.120.2, fix multiple CVEs
Date: Sun, 15 Dec 2024 15:48:37 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283350

Bug ID: 283350
Summary: net-im/py-matrix-synapse: Update to 1.120.2, fix multiple CVEs
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/element-hq/synapse/releases/tag/v1.120.2
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: ports@skyforge.at

Created attachment 255878
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=255878&action=edit
net-im/py-matrix-synapse: Update to 1.120.2

This patch updates the synapse port from 1.118.0 to 1.120.2 to fix multiple CVEs present in prior synapse versions:

* [1] CVE-2024-52805 (high)
* [2] CVE-2024-52815 (high)
* [3] CVE-2024-53863 (high)
* [4] CVE-2024-53867 (moderate)
* [5] CVE-2024-37302 (high)
* [6] CVE-2024-37303 (moderate)

From a ports perspective, the update includes some minor dependency changes and a version bump.

The updated port builds fine on my setup and passes the usual testsuite:

    Ran 3887 tests in 134.485s, PASSED (skips=177, successes=3710)

The resulting package has been running fine on my server for the last 48h, so I don't expect any breakage for users upgrading from the prior version.

As always, feedback is much appreciated. :)

Kind regards,
Sascha

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52805
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52815
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53863
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53867
[5] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37302
[6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37303