Accepted matrix-synapse 1.51.0-1~bpo10+2 (source) into buster-backports->backports-policy, buster-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 09 Feb 2022 13:19:14 +0100
Source: matrix-synapse
Architecture: source
Version: 1.51.0-1~bpo10+2
Distribution: buster-backports
Urgency: high
Maintainer: Matrix Packaging Team <pkg-matrix-maintainers@lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Closes: 919347 927837 927838
Changes:
matrix-synapse (1.51.0-1~bpo10+2) buster-backports; urgency=medium
.
* Add an explicit python3-matrix-common dependency.
* Add a NEWS item on deprecation of Synapse in buster-backports-sloppy.
.
matrix-synapse (1.51.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.51.0-1) unstable; urgency=high
.
* New upstream release.
* Sort entries in debian/copyright.
.
matrix-synapse (1.50.2-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.50.1-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.50.0-1) unstable; urgency=medium
.
* New upstream release.
* Depend on python3-matrix-common.
.
matrix-synapse (1.49.2-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.49.0-1~bpo10+4) buster-backports-sloppy; urgency=medium
.
* Fix an endless loop with "Invalid prev_events for <event_id>".
.
matrix-synapse (1.49.0-1~bpo10+2) buster-backports-sloppy; urgency=medium
.
* Fix a regression by cherry-picking an upstream fix from 1.49.2.
.
matrix-synapse (1.49.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.49.0-1) unstable; urgency=medium
.
* New upstream release.
* Bump ijson dependency.
.
matrix-synapse (1.48.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.48.0-1) unstable; urgency=medium
.
* New upstream release.
* Update copyrights.
.
matrix-synapse (1.47.1-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.47.1-1) unstable; urgency=high
.
* New upstream security release.
* CVE-2021-41281: Path traversal when downloading remote media:
Synapse instances with the media repository enabled can be tricked
into downloading a file from a remote server into an arbitrary
directory, potentially outside the media store directory.
Homeservers with the media repository disabled or configured with a
federation whitelist are unaffected.
(GHSA-3hfw-x7gx-437c)
.
matrix-synapse (1.47.0-2~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
* Fix security vulnerability in the media repository
(CVE-2021-41281).
.
matrix-synapse (1.47.0-2) unstable; urgency=medium
.
* Require a Python 3.10-compatible version of frozendict.
.
matrix-synapse (1.47.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.46.0-1~bpo10+2) buster-backports-sloppy; urgency=high
.
* Fix security vulnerability in the media repository
(CVE-2021-41281).
.
matrix-synapse (1.46.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.46.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.45.1-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.45.1-1) unstable; urgency=high
.
* New upstream release.
.
matrix-synapse (1.45.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.44.0-2) unstable; urgency=medium
.
* Drop unused dependency on blist.
.
matrix-synapse (1.44.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
* Drop unused dependency on blist.
.
matrix-synapse (1.44.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.43.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.43.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.42.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.42.0-1) unstable; urgency=medium
.
* New upstream release.
* Update jsonschema dependency to 3.0.0.
.
matrix-synapse (1.41.1-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.41.1-1) unstable; urgency=high
.
* New upstream release.
* SECURITY UPDATE:
- Unauthorised users could enumerate a private room's list of
members and their display names (CVE-2021-39164, GHSA-3x4c-pq33-4w3q).
- Unauthorised users could disclose a private room's name, avatar,
topic, and number of members (CVE-2021-39163, GHSA-jj53-8fmw-f2w2).
.
matrix-synapse (1.40.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
.
* Rebuild for buster-backports-sloppy.
.
matrix-synapse (1.40.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.39.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.38.1-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.38.0-1) unstable; urgency=medium
.
* New upstream release.
* Install renamed documents under the old names.
.
matrix-synapse (1.37.1-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.37.0-1) unstable; urgency=medium
.
* New upstream release.
* Update the dependencies.
.
matrix-synapse (1.36.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.35.1-1) unstable; urgency=medium
.
* New upstream release.
* d/watch: Skip pre-releases.
.
matrix-synapse (1.35.0-1) unstable; urgency=medium
.
* New upstream release.
* Depend on python3-ijson (>= 3.0).
.
matrix-synapse (1.34.0-1) unstable; urgency=medium
.
* New upstream release.
* Recommend pympler required for caches.track_memory_usage setting.
.
matrix-synapse (1.33.2-1) unstable; urgency=high
.
* New upstream release.
* Explicitly depend on python3-cryptography.
* Refresh patch.
* SECURITY UPDATE (CVE-2021-29471, GHSA-x345-32rc-8h85):
- Denial of service attack via push rule patterns:
"Push rules" can specify conditions under which they will match,
including event_match, which matches event content against a
pattern including wildcards. Certain patterns can cause very poor
performance in the matching engine, leading to a denial-of-service
when processing moderate-length events.
.
matrix-synapse (1.31.0-2) unstable; urgency=medium
.
* Stop using a deprecated dpkg-statoverride option (Closes: #927837).
* Remove dpkg-statoverride on purge (Closes: #927838).
* Properly escape variables in scripts.
* Only log warnings and above to the journal (Closes: #919347).
.
matrix-synapse (1.31.0-1) unstable; urgency=medium
.
* New upstream release.
* Revert upstream bump of python3-cryptography.
.
matrix-synapse (1.30.0-1) unstable; urgency=medium
.
* New upstream release.
* Update the watch URL.
.
matrix-synapse (1.29.0-1) unstable; urgency=medium
.
* New upstream release.
.
matrix-synapse (1.28.0-1) unstable; urgency=medium
.
* New upstream release.
Checksums-Sha1:
756ff1411dd6b70a19d8add3e88eee434ff1a63c 2503 matrix-synapse_1.51.0-1~bpo10+2.dsc
f96e102d129d2d273630bfe7f88bc84cd4a13e11 109432 matrix-synapse_1.51.0-1~bpo10+2.debian.tar.xz
Checksums-Sha256:
8cf8e5f11bd193113c33d81d15bba7bfadd1c2ad3a8df2a49203e287d7d5e92b 2503 matrix-synapse_1.51.0-1~bpo10+2.dsc
5252dc6b89b44cba90e7e576c61987be7fc0a99a776b7a0f74dbaaaed395cfee 109432 matrix-synapse_1.51.0-1~bpo10+2.debian.tar.xz
Files:
5d244c5a3f6c26bf68acb954887cb169 2503 net optional matrix-synapse_1.51.0-1~bpo10+2.dsc
4f310735f0a677ba94eb69d580508789 109432 net optional matrix-synapse_1.51.0-1~bpo10+2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCYgOxZQAKCRDoRGtKyMdy
YUhqAQCrTgbghhwnOK6HQjj//sXDINifE3LnXoxNQ9c0//chPQEAmtnGNlAtGY+R
HPUink9MOuwNbK2B5GGAA5Q6vU9AeA4=
=KyeX
-----END PGP SIGNATURE-----
Reply to: