diff options
| author | Andrej Shadura <andrewsh@debian.org> | 2019-11-08 14:39:39 +0100 |
|---|---|---|
| committer | Andrej Shadura <andrewsh@debian.org> | 2019-11-08 14:39:39 +0100 |
| commit | f6c8dfa45e90370e3aa28ea3176f9091409e4d02 (patch) | |
| tree | f81b843c52ad3a5e19fb96608cc66d6f6c46b847 | |
| parent | d2502ab75c15d552376a6c0581502ae0bbc1adb0 (diff) | |
Update the changelogdebian/1.5.0-1
| -rw-r--r-- | debian/changelog | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog index 5b1063f4..b9eae913 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,15 @@ -matrix-synapse (1.5.0-1) UNRELEASED; urgency=medium - - * New upstream release. +matrix-synapse (1.5.0-1) unstable; urgency=medium + + * New upstream release (Closes: #944355). + * SECURITY UPDATE (CVE-2019-18835): + - Matrix Synapse before 1.5.0 mishandles signature checking on some + federation APIs. Events sent over /send_join, /send_leave, and /invite + may not be correctly signed, or may not come from the expected + servers. * Require python3-typing-extensions (>= 3.7.4). * Use secure copyright file specification URI. - -- Andrej Shadura <andrewsh@debian.org> Sun, 27 Oct 2019 10:18:38 +0100 + -- Andrej Shadura <andrewsh@debian.org> Fri, 08 Nov 2019 14:38:14 +0100 matrix-synapse (1.4.0-1) unstable; urgency=medium |