FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d9f686f3-fde0-48dc-ab0a-01c2fe3e0529	py-matrix-synapse -- multiple vulnerabilities Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. Discovery 2020-07-02 Entry 2020-07-03 py36-matrix-synapse py37-matrix-synapse py38-matrix-synapse < 1.15.2 https://github.com/matrix-org/synapse/releases/tag/v1.15.2

VuXML ID

Description

d9f686f3-fde0-48dc-ab0a-01c2fe3e0529

py-matrix-synapse -- multiple vulnerabilities

Matrix developers report:

Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers.

HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade.

Discovery 2020-07-02
Entry 2020-07-03
py36-matrix-synapse
py37-matrix-synapse
py38-matrix-synapse

< 1.15.2

https://github.com/matrix-org/synapse/releases/tag/v1.15.2