Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 15 Dec 2024 15:48:37 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 283350] net-im/py-matrix-synapse: Update to 1.120.2, fix multiple CVEs
Message-ID:  <bug-283350-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D283350

            Bug ID: 283350
           Summary: net-im/py-matrix-synapse: Update to 1.120.2, fix
                    multiple CVEs
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/element-hq/synapse/releases/tag/v1.
                    120.2
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: ports@skyforge.at

Created attachment 255878
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D255878&action=
=3Dedit
net-im/py-matrix-synapse: Update to 1.120.2

This patch updates the synapse port from 1.118.0 to 1.120.2 to fix multiple
CVEs present in prior synapse versions:

* [1] CVE-2024-52805 (high)=E3=80=80
* [2] CVE-2024-52815 (high)
* [3] CVE-2024-53863 (high)
* [4] CVE-2024-53867 (moderate)
* [5] CVE-2024-37302 (high)
* [6] CVE-2024-37303 (moderate)


>From a ports perspective, the update includes some minor dependency changes=
 and
a version bump. The updated port builds fine on my setup and passes the usu=
al
testuite:

Ran 3887 tests in 134.485s, PASSED (skips=3D177, successes=3D3710)

The resulting package has been running fine on my server for the last 48h, =
so I
don't expect any breakage for users upgrading from the prior version.

As always, feedback is much appreciated. :)

Kind regards,
Sascha


[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-52805
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-52815
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-53863
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-53867
[5] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-37302
[6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2024-37303

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-283350-7788>