Summary: | <net-im/synapse-1.105.1: Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Petr Vaněk <arkamar> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | arkamar |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v | ||
See Also: | https://github.com/gentoo/gentoo/pull/36378 | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 930695 | ||
Bug Blocks: |
Description
Petr Vaněk
2024-04-23 18:24:00 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=123715b98768e9091423aa406d1d4bf326533562 commit 123715b98768e9091423aa406d1d4bf326533562 Author: Joe Kappus <joe@wt.gd> AuthorDate: 2024-04-23 18:30:33 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-04-23 20:42:40 +0000 net-im/synapse: add 1.105.1 Bug: https://bugs.gentoo.org/930514 Signed-off-by: Joe Kappus <joe@wt.gd> Closes: https://github.com/gentoo/gentoo/pull/36378 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> net-im/synapse/Manifest | 1 + net-im/synapse/synapse-1.105.1.ebuild | 211 ++++++++++++++++++++++++++++++++++ 2 files changed, 212 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=086702e62705a7306a93eebaa40f257e41550a5c commit 086702e62705a7306a93eebaa40f257e41550a5c Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-04-26 15:34:01 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-04-26 15:36:23 +0000 net-im/synapse: drop 1.103.0, 1.104.0, 1.105.0 Bug: https://bugs.gentoo.org/930514 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> net-im/synapse/Manifest | 15 -- .../files/synapse-1.101.0-netaddr-tests.patch | 33 ---- net-im/synapse/synapse-1.103.0.ebuild | 215 --------------------- net-im/synapse/synapse-1.104.0.ebuild | 211 -------------------- net-im/synapse/synapse-1.105.0.ebuild | 211 -------------------- 5 files changed, 685 deletions(-) |