FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-17 11:57:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
bdfa6c04-027a-11ef-9c21-901b0e9408dc	py-matrix-synapse -- weakness in auth chain indexing allows DoS Matrix developers report: Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage. (High severity) Discovery 2024-04-23 Entry 2024-04-24 py38-matrix-synapse py39-matrix-synapse py310-matrix-synapse py311-matrix-synapse < 1.105.1 CVE-2024-31208 https://element.io/blog/security-release-synapse-1-105-1/ https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
07c0d782-f758-11ec-acaa-901b0e9408dc	py-matrix-synapse -- unbounded recursion in urlpreview Matrix developers report: This release fixes a vulnerability with Synapse's URL preview feature. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process. Note that: Homeservers with the url_preview_enabled configuration option set to false (the default value) are unaffected. Instances with the enable_media_repo configuration option set to false are also unaffected, as this also disables the URL preview functionality. Discovery 2022-06-28 Entry 2022-06-29 py37-matrix-synapse py38-matrix-synapse py39-matrix-synapse py310-matrix-synapse py311-matrix-synapse < 1.61.1 CVE-2022-31052 https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1

VuXML ID

Description

bdfa6c04-027a-11ef-9c21-901b0e9408dc

py-matrix-synapse -- weakness in auth chain indexing allows DoS

Matrix developers report:

Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage. (High severity)

Discovery 2024-04-23
Entry 2024-04-24
py38-matrix-synapse
py39-matrix-synapse
py310-matrix-synapse
py311-matrix-synapse

< 1.105.1

CVE-2024-31208
https://element.io/blog/security-release-synapse-1-105-1/
https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v

07c0d782-f758-11ec-acaa-901b0e9408dc

py-matrix-synapse -- unbounded recursion in urlpreview

Matrix developers report:

This release fixes a vulnerability with Synapse's URL preview feature. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process.

Note that:

Homeservers with the url_preview_enabled configuration option set to false (the default value) are unaffected.

Instances with the enable_media_repo configuration option set to false are also unaffected, as this also disables the URL preview functionality.

Discovery 2022-06-28
Entry 2022-06-29
py37-matrix-synapse
py38-matrix-synapse
py39-matrix-synapse
py310-matrix-synapse
py311-matrix-synapse

< 1.61.1

CVE-2022-31052
https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1