-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 25 Nov 2021 09:14:19 +0100
Source: matrix-synapse
Architecture: source
Version: 1.47.1-1~bpo10+1
Distribution: buster-backports-sloppy
Urgency: high
Maintainer: Matrix Packaging Team <pkg-matrix-maintainers@lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Changes:
 matrix-synapse (1.47.1-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.47.1-1) unstable; urgency=high
 .
   * New upstream security release.
   * CVE-2021-41281: Path traversal when downloading remote media:
     Synapse instances with the media repository enabled can be tricked
     into downloading a file from a remote server into an arbitrary
     directory, potentially outside the media store directory.
     Homeservers with the media repository disabled or configured with a
     federation whitelist are unaffected. (GHSA-3hfw-x7gx-437c)
Checksums-Sha1:
 7cc19e00737869c2e0c4e2dd49a4a2eebd5e8aa5 2463 matrix-synapse_1.47.1-1~bpo10+1.dsc
 dddeede07c964dd2f5f3f57141fa0ddc9d8dd726 109128 matrix-synapse_1.47.1-1~bpo10+1.debian.tar.xz
Checksums-Sha256:
 b9d553b61c561f27464873dbb04e32894a238d7c693c579a994c915da43255a1 2463 matrix-synapse_1.47.1-1~bpo10+1.dsc
 8d5fa5eb3e1f258ecedfde3f11650490c38b099eb211b98744973e0146c77db2 109128 matrix-synapse_1.47.1-1~bpo10+1.debian.tar.xz
Files:
 d0cfcf9a08e3056aae8e341d3e6b3689 2463 net optional matrix-synapse_1.47.1-1~bpo10+1.dsc
 e890a7286fafb37e893761e0fc9cb121 109128 net optional matrix-synapse_1.47.1-1~bpo10+1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCYZ9GXgAKCRDoRGtKyMdy
YcUYAQCwNT3YN0+w8G1I2ILaoDmv9hnrxR3GYh+5kHbyB2VZHwD8DwW9XX3nXqPZ
gaQBZAZiBXeqQqvLlaI0PyCwADa6Ggw=
=Z/iY
-----END PGP SIGNATURE-----