Date: Tue, 23 Nov 2021 14:36:02 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 259994] net-im/py-matrix-synapse: Security update to 1.47.1 Message-ID: <bug-259994-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259994 Bug ID: 259994 Summary: net-im/py-matrix-synapse: Security update to 1.47.1 Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/matrix-org/synapse/releases/tag/v1. 47.1 OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: ports@skyforge.at Attachment #229668 maintainer-approval+ Flags: Flags: merge-quarterly? Created attachment 229668 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D229668&action= =3Dedit net-im/py-matrix-synapse: Update to 1.47.1 This updates py-matrix-synapse to 1.47.1, which fixes a critical path trave= rsal vulnerability when downloading remote media, see [1]. portlint: "OK" (3 Warnings, none new) testport: OK (poudriere: 130amd64) do-test: OK (Ran 2017 tests in 1007.761s, PASSED (skips=3D36, successes=3D1= 981)) Since this affects all versions of synapse we should probably MFH it to our quarterly branch, if possible. I'll also try and write a vuln.xml entry lat= er tonight. Cheers, Sascha [1] https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-43= 7c --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-259994-7788>