Date: Wed, 11 Mar 2020 10:58:20 +0000 (UTC) From: Bernhard Froehlich <decke@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r528227 - head/security/vuxml Message-ID: <202003111058.02BAwKKY055497@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: decke Date: Wed Mar 11 10:58:20 2020 New Revision: 528227 URL: https://svnweb.freebsd.org/changeset/ports/528227 Log: Document py-matrix-synapse vulnerabilities PR: 244279 Submitted by: Sascha Biberhofer <ports@skyforge.at> Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Mar 11 10:51:58 2020 (r528226) +++ head/security/vuxml/vuln.xml Wed Mar 11 10:58:20 2020 (r528227) @@ -58,6 +58,33 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="1afe9552-5ee3-11ea-9b6d-901b0e934d69"> + <topic>py-matrix-synapse -- users of single-sign-on are vulnerable to phishing</topic> + <affects> + <package> + <name>py35-matrix-synapse</name> + <name>py36-matrix-synapse</name> + <name>py37-matrix-synapse</name> + <range><lt>1.11.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Matrix developers report:</p> + <blockquote cite="https://github.com/matrix-org/synapse/releases/tag/v1.11.1">; + <p>[The 1.11.1] release includes a security fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/matrix-org/synapse/releases/tag/v1.11.1</url>; + </references> + <dates> + <discovery>2020-03-03</discovery> + <entry>2020-03-11</entry> + </dates> + </vuln> + <vuln vid="0032400f-624f-11ea-b495-000d3ab229d6"> <topic>Node.js -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003111058.02BAwKKY055497>