-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 25 Nov 2021 09:13:01 +0100
Source: matrix-synapse
Architecture: source
Version: 1.47.1-1~bpo11+1
Distribution: bullseye-backports
Urgency: high
Maintainer: Matrix Packaging Team <pkg-matrix-maintainers@lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Changes:
 matrix-synapse (1.47.1-1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 matrix-synapse (1.47.1-1) unstable; urgency=high
 .
   * New upstream security release.
   * CVE-2021-41281: Path traversal when downloading remote media:
     Synapse instances with the media repository enabled can be tricked
     into downloading a file from a remote server into an arbitrary
     directory, potentially outside the media store directory.
     Homeservers with the media repository disabled or configured with a
     federation whitelist are unaffected. (GHSA-3hfw-x7gx-437c)
Checksums-Sha1:
 cce8d9fc1808420080c917f9804fcb23496cb052 2463 matrix-synapse_1.47.1-1~bpo11+1.dsc
 9c42ebc38e095f15e32640d213b78ad8155aee5e 108944 matrix-synapse_1.47.1-1~bpo11+1.debian.tar.xz
Checksums-Sha256:
 3f4d1d29b7fbe6dcccfddb9e4eae3d6846e7d563cd3ef90cea1f46cf0cdfee4f 2463 matrix-synapse_1.47.1-1~bpo11+1.dsc
 db56af1061136f620314c7785e7d29e0ec1df69c78e10823ecf95479f7c7b221 108944 matrix-synapse_1.47.1-1~bpo11+1.debian.tar.xz
Files:
 60a3edf867d78179fb5673a217050c2f 2463 net optional matrix-synapse_1.47.1-1~bpo11+1.dsc
 40c2c97e05aca28a6bbca67a7710a8fc 108944 net optional matrix-synapse_1.47.1-1~bpo11+1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCYZ9GIwAKCRDoRGtKyMdy
YbKCAP99pHay0mLW8M/45qiTCT9aWHpHW+RsSbGFqoVACXb+1AEA7zTQizEIFpq/
8s2W1QCvTMFeGv1prF7Nt4/np00JPA4=
=jQDy
-----END PGP SIGNATURE-----