author: Andrej Shadura <andrewsh@debian.org> 2021-11-23 13:19:16 +0100
committer: Andrej Shadura <andrewsh@debian.org> 2021-11-23 13:19:16 +0100
commit: 6a3f29278f324a62d1ae69679ecb3fc5ec82176c
tree: 9a12af58339d8af555bee160483cc36f5afa307d
parent: 19943d6721fa58a5ecf6876f6cc7eb94288a162b

Update the changelog
debian/1.47.1-1

-rw-r--r-- debian/changelog 13
1 files changed, 13 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 2a1890a5..7b360b84 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+matrix-synapse (1.47.1-1) unstable; urgency=high
+
+ * New upstream security release.
+ * CVE-2021-41281: Path traversal when downloading remote media:
+ Synapse instances with the media repository enabled can be tricked
+ into downloading a file from a remote server into an arbitrary
+ directory, potentially outside the media store directory.
+ Homeservers with the media repository disabled or configured with a
+ federation whitelist are unaffected.
+ (GHSA-3hfw-x7gx-437c)
+
+ -- Andrej Shadura <andrewsh@debian.org> Tue, 23 Nov 2021 13:17:43 +0100
+
matrix-synapse (1.47.0-2) unstable; urgency=medium
* Require a Python 3.10-compatible version of frozendict.
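Review bot: the CVE-2021-41281 item in the new 1.47.1-1 stanza states the impact and the unaffected configurations (media repository disabled, or a federation whitelist configured) but not which versions are affected, so someone triaging from the changelog alone cannot tell whether a host still on 1.47.0-2 or older needs the upgrade. Consider adding one line with the affected version range taken from the advisory, and keeping the GHSA-3hfw-x7gx-437c reference next to it so the source of that range is clear. The urgency=high on the header line is consistent with a security-only upload and looks right as is.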