Date: Sun, 13 Dec 2020 00:28:14 +0000 (UTC) From: "Danilo G. Baio" <dbaio@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r557876 - head/security/vuxml Message-ID: <202012130028.0BD0SE28097795@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dbaio Date: Sun Dec 13 00:28:14 2020 New Revision: 557876 URL: https://svnweb.freebsd.org/changeset/ports/557876 Log: security/vuxml: Document net-im/py-matrix-synapse issue PR: 251768 Submitted by: contact@evilham.com Security: CVE-2020-26257 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Dec 13 00:08:25 2020 (r557875) +++ head/security/vuxml/vuln.xml Sun Dec 13 00:28:14 2020 (r557876) @@ -58,6 +58,42 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="cfa0be42-3cd7-11eb-9de7-641c67a117d8"> + <topic>py-matrix-synapse -- DoS on Federation API</topic> + <affects> + <package> + <name>py36-matrix-synapse</name> + <name>py37-matrix-synapse</name> + <name>py38-matrix-synapse</name> + <name>py39-matrix-synapse</name> + <range><lt>1.23.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Matrix developers reports:</p> + <blockquote cite="https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm">; + <p>A malicious or poorly-implemented homeserver can inject malformed events + into a room by specifying a different room id in the path of a /send_join, + /send_leave, /invite or /exchange_third_party_invite request. + This can lead to a denial of service in which future events will not be + correctly sent to other servers over federation. + This affects any server which accepts federation requests from untrusted + servers.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2020-26257</cvename> + <url>https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm</url>; + <freebsdpr>ports/251768</freebsdpr> + </references> + <dates> + <discovery>2020-12-09</discovery> + <entry>2020-12-13</entry> + </dates> + </vuln> + <vuln vid="fdc49972-3ca7-11eb-929d-d4c9ef517024"> <topic>p11-kit -- Multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012130028.0BD0SE28097795>