FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2023-06-06 20:49:06 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2327234d-fc4b-11ea-adef-641c67a117d8	py-matrix-synapse -- malformed events may prevent users from joining federated rooms Problem Description: Affected Synapse versions assume that all events have an "origin" field set. If an event without the "origin" field is sent into a federated room, servers not already joined to the room will be unable to do so due to failing to fetch the malformed event. Impact: An attacker could cause a denial of service by deliberately sending a malformed event into a room, thus preventing new servers (and thus their users) from joining the room. Discovery 2020-09-16 Entry 2020-09-21 py36-matrix-synapse py37-matrix-synapse py38-matrix-synapse < 1.19.2 https://github.com/matrix-org/synapse/issues/8319 https://github.com/matrix-org/synapse/pull/8324 https://github.com/matrix-org/synapse/blob/v1.19.3/CHANGES.md

VuXML ID

Description

2327234d-fc4b-11ea-adef-641c67a117d8

py-matrix-synapse -- malformed events may prevent users from joining federated rooms

Problem Description:

Affected Synapse versions assume that all events have an "origin" field set. If an event without the "origin" field is sent into a federated room, servers not already joined to the room will be unable to do so due to failing to fetch the malformed event.

Impact:

An attacker could cause a denial of service by deliberately sending a malformed event into a room, thus preventing new servers (and thus their users) from joining the room.

Discovery 2020-09-16
Entry 2020-09-21
py36-matrix-synapse
py37-matrix-synapse
py38-matrix-synapse

< 1.19.2

https://github.com/matrix-org/synapse/issues/8319
https://github.com/matrix-org/synapse/pull/8324
https://github.com/matrix-org/synapse/blob/v1.19.3/CHANGES.md