[Pkg-matrix-maintainers] matrix-synapse_1.47.1-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Nov 23 12:33:34 GMT 2021
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 23 Nov 2021 13:17:43 +0100
Source: matrix-synapse
Architecture: source
Version: 1.47.1-1
Distribution: unstable
Urgency: high
Maintainer: Matrix Packaging Team <pkg-matrix-maintainers at lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh at debian.org>
Changes:
matrix-synapse (1.47.1-1) unstable; urgency=high
.
* New upstream security release.
* CVE-2021-41281: Path traversal when downloading remote media:
Synapse instances with the media repository enabled can be tricked
into downloading a file from a remote server into an arbitrary
directory, potentially outside the media store directory.
Homeservers with the media repository disabled or configured with a
federation whitelist are unaffected.
(GHSA-3hfw-x7gx-437c)
Checksums-Sha1:
3ff700e121bbb6cd2214bb512f35ed271554c633 2428 matrix-synapse_1.47.1-1.dsc
7d683830d7cae54228345361ee4009ef03c3f1fb 7566339 matrix-synapse_1.47.1.orig.tar.gz
26797e9701d4f4c24e0717c51e1499a9cd2788b0 108812 matrix-synapse_1.47.1-1.debian.tar.xz
Checksums-Sha256:
0be1532e4f6466e7518dc4a7189c39910f0577c9d00a87420d3ea4fd395fe086 2428 matrix-synapse_1.47.1-1.dsc
cc385b6cfeba671bba800c2557ad39063bdd53f70dfb3781c85df7af6f5d064c 7566339 matrix-synapse_1.47.1.orig.tar.gz
f5383f3a2da63ecc4b75f00a666c33468d62804c9712d0cf90472330b9ffb907 108812 matrix-synapse_1.47.1-1.debian.tar.xz
Files:
a9a031b83af73d4b70ac20234c6b0ee2 2428 net optional matrix-synapse_1.47.1-1.dsc
e0924c9eeb87e311f7694e87a26cbc30 7566339 net optional matrix-synapse_1.47.1.orig.tar.gz
149eb378001527a3a0db787bc7151f2b 108812 net optional matrix-synapse_1.47.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCYZzcXQAKCRDoRGtKyMdy
YYusAQDN7r6m+pvcI51XbCjj9twSRs6zYGEDOFAy6ljRkM8gzAD/cHyQ2LOGIVJw
iiTtx4HYj8lf9Zhq9udDOE1/xAEphQ4=
=1Ik+
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-matrix-maintainers
mailing list