[Pkg-matrix-maintainers] Bug#908044: matrix-synapse: CVE-2018-16515: Undisclosed security vulnerability
Andrej Shadura
andrewsh at debian.org
Wed Sep 5 14:11:29 BST 2018
Package: matrix-synapse
Version: 0.33.3-1
Severity: grave
Tags: patch security upstream
Control: fixed -1 0.33.3.1-1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
From
https://matrix.org/blog/2018/09/05/pre-disclosure-upcoming-critical-security-fix-for-synapse/:
> During the ongoing work to finalise a stable release of Matrix’s
> Server-Server federation API, we’ve been doing a full audit of
> Synapse’s implementation and have identified a serious vulnerability
> which we are going to release a security update to address (Synapse
> 0.33.3.1) on Thursday Sept 6th 2018 at 12:00 UTC.
- --
Cheers,
Andrej
-----BEGIN PGP SIGNATURE-----
iQFIBAEBCAAyFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAluP1gAUHGFuZHJld3No
QGRlYmlhbi5vcmcACgkQXkCM2RzYOdJKCQgAibJqmoQ7GMUugRTWTy1fmkEMVXvg
4GwBbhJ2pbuiI01EsOpG81K/XEg2GRFdH9iKLjKzpVWInDBZb+2g8v/TFw9Vk2J4
BSrALMBQBqUkaGZ7fx4/Ul4djw5rWmN+Op2Uh/IY3qx+lIiWlBcjITV9scwuL2aI
89wrt4JyOrbWiqfRnFsjiE2IWzoJr4hw79yQtsu/N0qceOv4xfDOUUdqYF3S6vld
25OobDqLkN9bCs6RyADXZbpdQzRhfY6ETQdI7P9BxFy/MJeuJuK+aFCfwJvSxhaO
nD0CdGnIQrTypL1bIENo13JIoBejno2Xg0kStz1zNElrZVAw9sY73ptaag==
=5L8n
-----END PGP SIGNATURE-----
More information about the Pkg-matrix-maintainers
mailing list