From 33f961dbab240b3711fbd2105289ec4fc11ddb71ee87fd3e95cf93595c66cd6a Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Wed, 11 Oct 2023 10:21:26 +0000 Subject: [PATCH] Accepting request 1116888 from home:darix:apps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to 1.94.0 (boo#1216126 CVE-2023-45129) GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. OBS-URL: https://build.opensuse.org/request/show/1116888 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=292 --- matrix-synapse.changes | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/matrix-synapse.changes b/matrix-synapse.changes index 7f31a3d..8716a42 100644 --- a/matrix-synapse.changes +++ b/matrix-synapse.changes @@ -1,7 +1,15 @@ ------------------------------------------------------------------- Tue Oct 10 13:20:04 UTC 2023 - Marcus 'darix' Rückert -- Update to 1.94.0 +- Update to 1.94.0 (boo#1216126 CVE-2023-45129) + GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity + + A malicious server ACL event can impact performance temporarily + or permanently leading to a persistent denial of service. + + Homeservers running on a closed federation (which presumably do + not need to use server ACLs) are not affected. + - Features - Render plain, CSS, CSV, JSON and common image formats in the browser (inline) when requested through the /download