[Git][security-tracker-team/security-tracker][master] Add CVE-2021-2127{3,4}/matrix-synapse

Salvatore Bonaccorso carnil at debian.org
Sat Feb 27 10:46:18 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
607398d7 by Salvatore Bonaccorso at 2021-02-27T11:45:49+01:00
Add CVE-2021-2127{3,4}/matrix-synapse

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15779,9 +15779,13 @@ CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version 2.3
 CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...)
 	NOT-FOR-US: MediaWiki Report extention
 CVE-2021-21274 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
-	TODO: check
+	- matrix-synapse 1.25.0-1
+	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
+	NOTE: https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
 CVE-2021-21273 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
-	TODO: check
+	- matrix-synapse 1.25.0-1
+	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p
+	NOTE: https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746
 CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...)
 	NOT-FOR-US: ORAS
 CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/607398d7772b267cfab0eb96fac8ea6bed4f4e4b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/607398d7772b267cfab0eb96fac8ea6bed4f4e4b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210227/8f4d961d/attachment.htm>

More information about the debian-security-tracker-commits mailing list