[Pkg-matrix-maintainers] matrix-synapse_1.47.1-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Tue Nov 23 12:33:34 GMT 2021



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 23 Nov 2021 13:17:43 +0100
Source: matrix-synapse
Architecture: source
Version: 1.47.1-1
Distribution: unstable
Urgency: high
Maintainer: Matrix Packaging Team <pkg-matrix-maintainers at lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh at debian.org>
Changes:
 matrix-synapse (1.47.1-1) unstable; urgency=high
 .
   * New upstream security release.
   * CVE-2021-41281: Path traversal when downloading remote media:
     Synapse instances with the media repository enabled can be tricked
     into downloading a file from a remote server into an arbitrary
     directory, potentially outside the media store directory.
     Homeservers with the media repository disabled or configured with a
     federation whitelist are unaffected.
     (GHSA-3hfw-x7gx-437c)
Checksums-Sha1:
 3ff700e121bbb6cd2214bb512f35ed271554c633 2428 matrix-synapse_1.47.1-1.dsc
 7d683830d7cae54228345361ee4009ef03c3f1fb 7566339 matrix-synapse_1.47.1.orig.tar.gz
 26797e9701d4f4c24e0717c51e1499a9cd2788b0 108812 matrix-synapse_1.47.1-1.debian.tar.xz
Checksums-Sha256:
 0be1532e4f6466e7518dc4a7189c39910f0577c9d00a87420d3ea4fd395fe086 2428 matrix-synapse_1.47.1-1.dsc
 cc385b6cfeba671bba800c2557ad39063bdd53f70dfb3781c85df7af6f5d064c 7566339 matrix-synapse_1.47.1.orig.tar.gz
 f5383f3a2da63ecc4b75f00a666c33468d62804c9712d0cf90472330b9ffb907 108812 matrix-synapse_1.47.1-1.debian.tar.xz
Files:
 a9a031b83af73d4b70ac20234c6b0ee2 2428 net optional matrix-synapse_1.47.1-1.dsc
 e0924c9eeb87e311f7694e87a26cbc30 7566339 net optional matrix-synapse_1.47.1.orig.tar.gz
 149eb378001527a3a0db787bc7151f2b 108812 net optional matrix-synapse_1.47.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCYZzcXQAKCRDoRGtKyMdy
YYusAQDN7r6m+pvcI51XbCjj9twSRs6zYGEDOFAy6ljRkM8gzAD/cHyQ2LOGIVJw
iiTtx4HYj8lf9Zhq9udDOE1/xAEphQ4=
=1Ik+
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the Pkg-matrix-maintainers mailing list