FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
1afe9552-5ee3-11ea-9b6d-901b0e934d69 | py-matrix-synapse -- users of single-sign-on are vulnerable to phishing

Matrix developers report:

[The 1.11.1] release includes a security fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.


Discovery 2020-03-03
Entry 2020-03-11
py35-matrix-synapse
py36-matrix-synapse
py37-matrix-synapse
< 1.11.1

https://github.com/matrix-org/synapse/releases/tag/v1.11.1
383931ba-1818-11e9-92ea-448a5b29e8a9 | py-matrix-synapse -- undisclosed vulnerability

Matrix developers report:

The matrix team announces the availability of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885.


Discovery 2019-01-10
Entry 2019-01-15
py27-matrix-synapse
py35-matrix-synapse
py36-matrix-synapse
py37-matrix-synapse
< 0.34.1.1

CVE-2019-5885
https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
38d2df4d-b143-11e9-87e7-901b0e934d69 | py-matrix-synapse -- multiple vulnerabilities

Matrix developers report:

The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation:

  • Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms.
  • Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely.
  • Prevent an attack where users could be joined or parted from public rooms without their consent.
  • Fix a vulnerability where a federated server could spoof read-receipts from users on other servers.
  • It was possible for a room moderator to send a redaction for an m.room.create event, which would downgrade the room to version 1.

Discovery 2019-07-26
Entry 2019-07-28
py27-matrix-synapse
py35-matrix-synapse
py36-matrix-synapse
py37-matrix-synapse
< 1.2.1

https://matrix.org/blog/2019/07/26/critical-security-update-synapse-1-2-1-released
https://github.com/matrix-org/synapse/releases/tag/v1.2.1
42675046-fa70-11e9-ba4e-901b0e934d69 | py-matrix-synapse -- missing signature checks on some federation APIs

Matrix developers report:

Make sure that [...] events sent over /send_join, /send_leave, and /invite, are correctly signed and come from the expected servers.


Discovery 2019-10-29
Entry 2019-10-29
py35-matrix-synapse
py36-matrix-synapse
py37-matrix-synapse
< 1.5.0

https://github.com/matrix-org/synapse/pull/6262
https://github.com/matrix-org/synapse/releases/tag/v1.5.0
9c36d41c-11df-11ea-9b6d-901b0e934d69 | py-matrix-synapse -- incomplete cleanup of 3rd-party-IDs on user deactivation

Matrix developers report:

Clean up local threepids from user on account deactivation.


Discovery 2019-11-28
Entry 2019-11-28
py35-matrix-synapse
py36-matrix-synapse
py37-matrix-synapse
< 1.6.1

https://github.com/matrix-org/synapse/releases/tag/v1.6.1
https://github.com/matrix-org/synapse/pull/6426
ed8cbad5-21a8-11ea-9b6d-901b0e934d69 | py-matrix-synapse -- multiple vulnerabilities

Matrix developers report:

The [synapse 1.7.1] release includes several security fixes as well as a fix to a bug exposed by the security fixes. All previous releases of Synapse are affected. Administrators are encouraged to upgrade as soon as possible.

  • Fix a bug which could cause room events to be incorrectly authorized using events from a different room.
  • Fix a bug causing responses to the /context client endpoint to not use the pruned version of the event.
  • Fix a cause of state resets in room versions 2 onwards.

Discovery 2019-12-18
Entry 2019-12-18
py35-matrix-synapse
py36-matrix-synapse
py37-matrix-synapse
< 1.7.1

https://github.com/matrix-org/synapse/releases/tag/v1.7.1