| Summary: | <net-im/synapse-1.127.1: Federation denial of service via malformed events | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Petr Vaněk <arkamar> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | arkamar |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6 | ||
| Whiteboard: | B3 [glsa?] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 952123 | ||
| Bug Blocks: | |||
|
Description
Petr Vaněk
2025-03-27 07:20:47 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df3e9a2457545ad613f6e3d1ce46f162d5631556 commit df3e9a2457545ad613f6e3d1ce46f162d5631556 Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2025-03-27 07:23:02 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2025-03-27 08:12:02 +0000 net-im/synapse: add 1.127.1, CVE-2025-30355 Fixes an issue where a malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild. CVE: https://www.cve.org/CVERecord?id=CVE-2025-30355 GHSA: https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6 Bug: https://bugs.gentoo.org/952122 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> net-im/synapse/Manifest | 1 + net-im/synapse/synapse-1.127.1.ebuild | 242 ++++++++++++++++++++++++++++++++++ 2 files changed, 243 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=288171eb5e640b0fc61edad972fe94f6530d5e78 commit 288171eb5e640b0fc61edad972fe94f6530d5e78 Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2025-03-29 13:30:02 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2025-03-29 13:30:02 +0000 net-im/synapse: drop 1.124.0, 1.125.0, 1.126.0, 1.127.0 Bug: https://bugs.gentoo.org/952122 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> net-im/synapse/Manifest | 30 ----- net-im/synapse/synapse-1.124.0.ebuild | 229 -------------------------------- net-im/synapse/synapse-1.125.0.ebuild | 242 ---------------------------------- net-im/synapse/synapse-1.126.0.ebuild | 242 ---------------------------------- net-im/synapse/synapse-1.127.0.ebuild | 242 ---------------------------------- 5 files changed, 985 deletions(-) |