diff options
| author | Andrej Shadura <andrewsh@debian.org> | 2022-06-28 19:04:22 +0200 |
|---|---|---|
| committer | Andrej Shadura <andrewsh@debian.org> | 2022-06-28 19:04:22 +0200 |
| commit | a0ee4061629af3cf57d250075081c06d87b4b192 (patch) | |
| tree | 0fc4a95a156672c788481a43be55a37f8d87487b | |
| parent | 9d5e99efe67be6dc62da49cb045559e3745174ba (diff) | |
Update the changelogdebian/1.61.0-1_bpo11+3
| -rw-r--r-- | debian/changelog | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 9823b94d..eee6800c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +matrix-synapse (1.61.0-1~bpo11+3) bullseye-backports; urgency=medium + + * SECURITY ISSUE: GHSA-22p3-qrh9-cx32 / CVE-2022-31052. + Synapse instances with the url_preview_enabled homeserver config option + set to true are affected. URL previews of some web pages can lead to + unbounded recursion, causing the request to either fail, or in some + cases crash the running Synapse process. + + -- Andrej Shadura <andrewsh@debian.org> Tue, 28 Jun 2022 19:03:13 +0200 + matrix-synapse (1.61.0-1~bpo11+2) bullseye-backports; urgency=medium * Patch the matrix-common dependency to >= (Closes: #1013745). |