http://bugzilla.opensuse.org/show_bug.cgi?id=1096833 Bug ID: 1096833 Summary: VUL-0: matrix-synapse: event visibility rules not applied correctly Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: okurz@suse.com Reporter: astieger@suse.com QA Contact: security-team@suse.de Found By: --- Blocker: --- from https://github.com/matrix-org/synapse/releases/tag/v0.31.1 Changes in synapse v0.31.1 (2018-06-08) v0.31.1 fixes a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. We are not aware of it being actively exploited but please upgrade asap. Bug Fixes: Fix event filtering in get_missing_events handler (PR #3371) https://github.com/matrix-org/synapse/commit/ad9edd1d968f19dd4d7c65102fe5520... -- You are receiving this mail because: You are on the CC list for the bug.