diff options
author | Andrej Shadura <andrewsh@debian.org> | 2021-11-23 13:19:16 +0100 |
---|---|---|
committer | Andrej Shadura <andrewsh@debian.org> | 2021-11-23 13:19:16 +0100 |
commit | 6a3f29278f324a62d1ae69679ecb3fc5ec82176c (patch) | |
tree | 9a12af58339d8af555bee160483cc36f5afa307d | |
parent | 19943d6721fa58a5ecf6876f6cc7eb94288a162b (diff) |
Update the changelogdebian/1.47.1-1
-rw-r--r-- | debian/changelog | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 2a1890a5..7b360b84 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +matrix-synapse (1.47.1-1) unstable; urgency=high + + * New upstream security release. + * CVE-2021-41281: Path traversal when downloading remote media: + Synapse instances with the media repository enabled can be tricked + into downloading a file from a remote server into an arbitrary + directory, potentially outside the media store directory. + Homeservers with the media repository disabled or configured with a + federation whitelist are unaffected. + (GHSA-3hfw-x7gx-437c) + + -- Andrej Shadura <andrewsh@debian.org> Tue, 23 Nov 2021 13:17:43 +0100 + matrix-synapse (1.47.0-2) unstable; urgency=medium * Require a Python 3.10-compatible version of frozendict. |