Date: Sun, 29 Sep 2024 18:46:59 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 281624] net-im/py-matrix-synapse: Update to 112.0 or higher to address security issue CVE-2024-41671 Message-ID: <bug-281624-7788-8hvh3Ru0Sd@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-281624-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-281624-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281624 --- Comment #2 from Sascha Biberhofer <ports@skyforge.at> --- I'm afraid that this is misleading, as the update itself addresses nothing = from a ports point of view. It merely pins a sufficiently recent py-twisted vers= ion in synapse's poetry.lock file. This file only matters when poetry is used to create a venv, which the port does not do. The correct (and only) way to address this issue is by updating the py-twisted port, I'm afraid. I'm not sure if an issue for the twisted port has already been filed, but t= he port itself seems to be outdated and most likely vulnerable. I'd suggest closing/renaming this issue and opening an issue against py-twisted so that this vulnerability can be addressed properly. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-281624-7788-8hvh3Ru0Sd>