Accepted matrix-synapse 1.47.1-1~bpo10+1 (source) into oldstable-backports-sloppy->backports-policy, oldstable-backports-sloppy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 25 Nov 2021 09:14:19 +0100
Source: matrix-synapse
Architecture: source
Version: 1.47.1-1~bpo10+1
Distribution: buster-backports-sloppy
Urgency: high
Maintainer: Matrix Packaging Team <pkg-matrix-maintainers@lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Changes:
matrix-synapse (1.47.1-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.47.1-1) unstable; urgency=high
.
* New upstream security release.
* CVE-2021-41281: Path traversal when downloading remote media:
Synapse instances with the media repository enabled can be tricked
into downloading a file from a remote server into an arbitrary
directory, potentially outside the media store directory.
Homeservers with the media repository disabled or configured with a
federation whitelist are unaffected.
(GHSA-3hfw-x7gx-437c)
Checksums-Sha1:
7cc19e00737869c2e0c4e2dd49a4a2eebd5e8aa5 2463 matrix-synapse_1.47.1-1~bpo10+1.dsc
dddeede07c964dd2f5f3f57141fa0ddc9d8dd726 109128 matrix-synapse_1.47.1-1~bpo10+1.debian.tar.xz
Checksums-Sha256:
b9d553b61c561f27464873dbb04e32894a238d7c693c579a994c915da43255a1 2463 matrix-synapse_1.47.1-1~bpo10+1.dsc
8d5fa5eb3e1f258ecedfde3f11650490c38b099eb211b98744973e0146c77db2 109128 matrix-synapse_1.47.1-1~bpo10+1.debian.tar.xz
Files:
d0cfcf9a08e3056aae8e341d3e6b3689 2463 net optional matrix-synapse_1.47.1-1~bpo10+1.dsc
e890a7286fafb37e893761e0fc9cb121 109128 net optional matrix-synapse_1.47.1-1~bpo10+1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCYZ9GXgAKCRDoRGtKyMdy
YcUYAQCwNT3YN0+w8G1I2ILaoDmv9hnrxR3GYh+5kHbyB2VZHwD8DwW9XX3nXqPZ
gaQBZAZiBXeqQqvLlaI0PyCwADa6Ggw=
=Z/iY
-----END PGP SIGNATURE-----
Reply to: