Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package matrix-synapse for openSUSE:Factory checked in at 2021-08-31 19:55:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old)
and /work/SRC/openSUSE:Factory/.matrix-synapse.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "matrix-synapse"
Tue Aug 31 19:55:52 2021 rev:42 rq:915283 version:1.41.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes 2021-08-25 20:59:30.601058648 +0200
+++ /work/SRC/openSUSE:Factory/.matrix-synapse.new.1899/matrix-synapse.changes 2021-08-31 19:56:57.770060865 +0200
@@ -1,0 +2,44 @@
+Tue Aug 31 14:21:51 UTC 2021 - Marcus Rueckert
+
+- Update to 1.41.1
+ Due to the two security issues highlighted below, server
+ administrators are encouraged to update Synapse. We are not aware
+ of these vulnerabilities being exploited in the wild.
+
+ - Security advisory
+ The following issues are fixed in v1.41.1.
+
+ - GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private
+ room's list of members and their display names.
+
+ If an unauthorized user both knows the Room ID of a private
+ room and that room's history visibility is set to shared,
+ then they may be able to enumerate the room's members,
+ including their display names.
+
+ The unauthorized user must be on the same homeserver as a
+ user who is a member of the target room.
+
+ Fixed by 52c7a51cf.
+
+ - GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private
+ room's name, avatar, topic, and number of members.
+
+ If an unauthorized user knows the Room ID of a private room,
+ then its name, avatar, topic, and number of members may be
+ disclosed through Group / Community features.
+
+ The unauthorized user must be on the same homeserver as a
+ user who is a member of the target room, and their homeserver
+ must allow non-administrators to create groups
+ (enable_group_creation in the Synapse configuration; off by
+ default).
+
+ Fixed by cb35df940a, #10723.
+
+ - Bugfixes
+ - Fix a regression introduced in Synapse 1.41 which broke email
+ transmission on systems using older versions of the Twisted
+ library. (#10713)
+
+-------------------------------------------------------------------
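Review bot: the security entry for 1.41.1 cites GHSA-3x4c-pq33-4w3q / CVE-2021-39164 and GHSA-jj53-8fmw-f2w2 / CVE-2021-39163 but carries no Bugzilla reference (boo#/bsc#), which openSUSE changelog entries for security fixes normally include so the update can be tracked. Add the bug numbers next to each CVE line. The fix references "52c7a51cf" and "cb35df940a, #10723" are bare abbreviated hashes; naming the upstream repository alongside them would make them resolvable from the changelog alone.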
Old:
----
matrix-synapse-1.41.0.obscpio
New:
----
matrix-synapse-1.41.1.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ matrix-synapse-test.spec ++++++
--- /var/tmp/diff_new_pack.vIAbYq/_old 2021-08-31 19:56:58.522061906 +0200
+++ /var/tmp/diff_new_pack.vIAbYq/_new 2021-08-31 19:56:58.530061917 +0200
@@ -27,7 +27,7 @@
%define pkgname matrix-synapse
Name: %{pkgname}-test
-Version: 1.41.0
+Version: 1.41.1
Release: 0
Summary: Test package for %{pkgname}
License: Apache-2.0
++++++ matrix-synapse.spec ++++++
--- /var/tmp/diff_new_pack.vIAbYq/_old 2021-08-31 19:56:58.562061961 +0200
+++ /var/tmp/diff_new_pack.vIAbYq/_new 2021-08-31 19:56:58.566061967 +0200
@@ -47,7 +47,7 @@
%define pkgname matrix-synapse
%define eggname matrix_synapse
Name: %{pkgname}
-Version: 1.41.0
+Version: 1.41.1
Release: 0
Summary: Matrix protocol reference homeserver
License: Apache-2.0
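Review bot: the Version line changed here is maintained by hand in three places in this commit (this spec, matrix-synapse-test.spec, and the revision param in _service), so a missed bump in one of them leaves the package name, test package and fetched source out of step. Consider deriving the test spec's Version from this one, or adding a check that the three values agree before check-in.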
++++++ _service ++++++
--- /var/tmp/diff_new_pack.vIAbYq/_old 2021-08-31 19:56:58.626062050 +0200
+++ /var/tmp/diff_new_pack.vIAbYq/_new 2021-08-31 19:56:58.630062055 +0200
@@ -4,7 +4,7 @@
<param name="versionformat">@PARENT_TAG@</param>
<param name="url">https://github.com/matrix-org/synapse.git</param>
<param name="scm">git</param>
- <param name="revision">v1.41.0</param>
+ <param name="revision">v1.41.1</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
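Review bot: the revision param on the changed line points at the tag v1.41.1, and a git tag is a movable ref, so the tree fetched from https://github.com/matrix-org/synapse.git is only what was reviewed as long as the tag is not moved. For a release taken specifically for its security fixes, record the commit the tag resolved to (in the changelog or as the revision value) and confirm that the fetched tree contains the fix commits named in the .changes entry, 52c7a51cf and cb35df940a.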