[Git][security-tracker-team/security-tracker][master] Add new matrix-synapse issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 3 20:36:12 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2771c6c2 by Salvatore Bonaccorso at 2024-12-03T21:35:05+01:00
Add new matrix-synapse issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,15 +7,22 @@ CVE-2024-53999 (Mobile Security Framework (MobSF) is a pen-testing, malware anal
 CVE-2024-53921 (An issue was discovered in the installer in Samsung Magician 8.1.0 on  ...)
 	NOT-FOR-US: Samsung
 CVE-2024-53867 (Synapse is an open-source Matrix homeserver. The Sliding Sync feature  ...)
-	TODO: check
+	- matrix-synapse <unfixed>
+	NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h
+	NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/4186
 CVE-2024-53863 (Synapse is an open-source Matrix homeserver. In Synapse versions befor ...)
-	TODO: check
+	- matrix-synapse <unfixed>
+	NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
 CVE-2024-53257 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
 	NOT-FOR-US: Vitess
 CVE-2024-52815 (Synapse is an open-source Matrix homeserver. Synapse versions before 1 ...)
-	TODO: check
+	- matrix-synapse <unfixed>
+	NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
 CVE-2024-52805 (Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1 ...)
-	TODO: check
+	- matrix-synapse <unfixed>
+	NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
+	NOTE: https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
+	NOTE: https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
 CVE-2024-52548 (An attacker who can execute arbitrary Operating Systems commands, can  ...)
 	TODO: check
 CVE-2024-52547 (An authenticated attacker can trigger a stack based buffer overflow in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2771c6c2ea3ce57f71648359daee52c7d9c581c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2771c6c2ea3ce57f71648359daee52c7d9c581c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241203/4d1f4dd7/attachment.htm>

More information about the debian-security-tracker-commits mailing list