Date: Tue, 11 May 2021 13:56:16 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 255791] net-im/py-matrix-synapse: security update to 1.33.2 Message-ID: <bug-255791-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255791 Bug ID: 255791 Summary: net-im/py-matrix-synapse: security update to 1.33.2 Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/matrix-org/synapse/releases/tag/v1. 33.2 OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: ports@skyforge.at Attachment #224848 maintainer-approval+ Flags: Created attachment 224848 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D224848&action= =3Dedit net-im/py-matrix-synapse: Update to 1.33.2 Version 1.33.2 is a security update to 1.33.1 and basically consists of a f= ix for a denial of service vulenerablity by which malicious push rules could c= ause synapse to use large amounts of CPU. Furthermore, since the problem with py-attrs has been fixed in the more rec= ent attrs release and the attrs version in ports is fine anyway, I've removed t= he maximum version requirement to stay in sync with upstream version requireme= nts. portlint: "OK" (3 Warnings, none new) testport: OK (poudriere: 130amd64) do-test: OK (Ran 1608 tests in 739.471s, PASSED (skips=3D35, successes=3D15= 73)) The resulting package appears to run just fine in production. I'll also try and write a suitable vuxml entry as soon as I get to it. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-255791-7788>