FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2327234d-fc4b-11ea-adef-641c67a117d8py-matrix-synapse -- malformed events may prevent users from joining federated rooms

Problem Description:

Affected Synapse versions assume that all events have an "origin" field set. If an event without the "origin" field is sent into a federated room, servers not already joined to the room will be unable to do so due to failing to fetch the malformed event.

Impact:

An attacker could cause a denial of service by deliberately sending a malformed event into a room, thus preventing new servers (and thus their users) from joining the room.


Discovery 2020-09-16
Entry 2020-09-21
py36-matrix-synapse
py37-matrix-synapse
py38-matrix-synapse
lt 1.19.2

https://github.com/matrix-org/synapse/issues/8319
https://github.com/matrix-org/synapse/pull/8324
https://github.com/matrix-org/synapse/blob/v1.19.3/CHANGES.md