CVE-2023-32682 - Low Severity: It may be possible for a deactivated user to login when using uncommon configurations.

CVE-2023-32683 - Low Severity: A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs).
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f34d5e251d92564f22eddf926fc3a181fe89c5dd

commit f34d5e251d92564f22eddf926fc3a181fe89c5dd
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-06-07 13:07:49 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-06-18 12:08:16 +0000

    net-im/synapse: add 1.85.2

    - add two bdeps for testing of optional redis support

    Bug: https://bugs.gentoo.org/907950
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/31330
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-im/synapse/Manifest | 2 +
 net-im/synapse/synapse-1.85.2.ebuild | 208 +++++++++++++++++++++++++++++++++++
 2 files changed, 210 insertions(+)
Thanks for handling this!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3331ce066a01b6814a294365bc1f1b2fa51df965

commit 3331ce066a01b6814a294365bc1f1b2fa51df965
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-06-28 14:26:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-07-12 06:59:34 +0000

    net-im/synapse: drop 1.82.0-r1, 1.83.0, 1.84.1

    Bug: https://bugs.gentoo.org/907950
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Signed-off-by: Sam James <sam@gentoo.org>

 net-im/synapse/Manifest | 7 --
 net-im/synapse/synapse-1.82.0-r1.ebuild | 204 -------------------------------
 net-im/synapse/synapse-1.83.0.ebuild | 204 -------------------------------
 net-im/synapse/synapse-1.84.1.ebuild | 206 --------------------------------
 4 files changed, 621 deletions(-)
If noglsa, all done! Thanks!