-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 09 Feb 2022 13:19:14 +0100
Source: matrix-synapse
Architecture: source
Version: 1.51.0-1~bpo10+2
Distribution: buster-backports
Urgency: high
Maintainer: Matrix Packaging Team <pkg-matrix-maintainers@lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Closes: 919347 927837 927838
Changes:
 matrix-synapse (1.51.0-1~bpo10+2) buster-backports; urgency=medium
 .
   * Add an explicit python3-matrix-common dependency.
   * Add a NEWS item on deprecation of Synapse in buster-backports-sloppy.
 .
 matrix-synapse (1.51.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.51.0-1) unstable; urgency=high
 .
   * New upstream release.
   * Sort entries in debian/copyright.
 .
 matrix-synapse (1.50.2-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.50.1-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.50.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Depend on python3-matrix-common.
 .
 matrix-synapse (1.49.2-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.49.0-1~bpo10+4) buster-backports-sloppy; urgency=medium
 .
   * Fix an endless loop with "Invalid prev_events for <event_id>".
 .
 matrix-synapse (1.49.0-1~bpo10+2) buster-backports-sloppy; urgency=medium
 .
   * Fix a regression by cherry-picking an upstream fix from 1.49.2.
 .
 matrix-synapse (1.49.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.49.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bump ijson dependency.
 .
 matrix-synapse (1.48.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.48.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Update copyrights.
 .
 matrix-synapse (1.47.1-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.47.1-1) unstable; urgency=high
 .
   * New upstream security release.
   * CVE-2021-41281: Path traversal when downloading remote media:
     Synapse instances with the media repository enabled can be tricked
     into downloading a file from a remote server into an arbitrary
     directory, potentially outside the media store directory.
     Homeservers with the media repository disabled or configured with
     a federation whitelist are unaffected. (GHSA-3hfw-x7gx-437c)
 .
 matrix-synapse (1.47.0-2~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
   * Fix security vulnerability in the media repository (CVE-2021-41281).
 .
 matrix-synapse (1.47.0-2) unstable; urgency=medium
 .
   * Require a Python 3.10-compatible version of frozendict.
 .
 matrix-synapse (1.47.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.46.0-1~bpo10+2) buster-backports-sloppy; urgency=high
 .
   * Fix security vulnerability in the media repository (CVE-2021-41281).
 .
 matrix-synapse (1.46.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.46.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.45.1-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.45.1-1) unstable; urgency=high
 .
   * New upstream release.
 .
 matrix-synapse (1.45.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.44.0-2) unstable; urgency=medium
 .
   * Drop unused dependency on blist.
 .
 matrix-synapse (1.44.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
   * Drop unused dependency on blist.
 .
 matrix-synapse (1.44.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.43.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.43.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.42.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.42.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Update jsonschema dependency to 3.0.0.
 .
 matrix-synapse (1.41.1-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.41.1-1) unstable; urgency=high
 .
   * New upstream release.
   * SECURITY UPDATE:
     - Unauthorised users could enumerate a private room's list of
       members and their display names (CVE-2021-39164,
       GHSA-3x4c-pq33-4w3q).
     - Unauthorised users could disclose a private room's name, avatar,
       topic, and number of members (CVE-2021-39163,
       GHSA-jj53-8fmw-f2w2).
 .
 matrix-synapse (1.40.0-1~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports-sloppy.
 .
 matrix-synapse (1.40.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.39.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.38.1-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.38.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Install renamed documents under the old names.
 .
 matrix-synapse (1.37.1-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.37.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Update the dependencies.
 .
 matrix-synapse (1.36.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.35.1-1) unstable; urgency=medium
 .
   * New upstream release.
   * d/watch: Skip pre-releases.
 .
 matrix-synapse (1.35.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Depend on python3-ijson (>= 3.0).
 .
 matrix-synapse (1.34.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Recommend pympler required for caches.track_memory_usage setting.
 .
 matrix-synapse (1.33.2-1) unstable; urgency=high
 .
   * New upstream release.
   * Explicitly depend on python3-cryptography.
   * Refresh patch.
   * SECURITY UPDATE (CVE-2021-29471, GHSA-x345-32rc-8h85):
     - Denial of service attack via push rule patterns:
       "Push rules" can specify conditions under which they will match,
       including event_match, which matches event content against a
       pattern including wildcards. Certain patterns can cause very poor
       performance in the matching engine, leading to a
       denial-of-service when processing moderate-length events.
 .
 matrix-synapse (1.31.0-2) unstable; urgency=medium
 .
   * Stop using a deprecated dpkg-statoverride option (Closes: #927837).
   * Remove dpkg-statoverride on purge (Closes: #927838).
   * Properly escape variables in scripts.
   * Only log warnings and above to the journal (Closes: #919347).
 .
 matrix-synapse (1.31.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Revert upstream bump of python3-cryptography.
 .
 matrix-synapse (1.30.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Update the watch URL.
 .
 matrix-synapse (1.29.0-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 matrix-synapse (1.28.0-1) unstable; urgency=medium
 .
   * New upstream release.
Checksums-Sha1:
 756ff1411dd6b70a19d8add3e88eee434ff1a63c 2503 matrix-synapse_1.51.0-1~bpo10+2.dsc
 f96e102d129d2d273630bfe7f88bc84cd4a13e11 109432 matrix-synapse_1.51.0-1~bpo10+2.debian.tar.xz
Checksums-Sha256:
 8cf8e5f11bd193113c33d81d15bba7bfadd1c2ad3a8df2a49203e287d7d5e92b 2503 matrix-synapse_1.51.0-1~bpo10+2.dsc
 5252dc6b89b44cba90e7e576c61987be7fc0a99a776b7a0f74dbaaaed395cfee 109432 matrix-synapse_1.51.0-1~bpo10+2.debian.tar.xz
Files:
 5d244c5a3f6c26bf68acb954887cb169 2503 net optional matrix-synapse_1.51.0-1~bpo10+2.dsc
 4f310735f0a677ba94eb69d580508789 109432 net optional matrix-synapse_1.51.0-1~bpo10+2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCYgOxZQAKCRDoRGtKyMdy
YUhqAQCrTgbghhwnOK6HQjj//sXDINifE3LnXoxNQ9c0//chPQEAmtnGNlAtGY+R
HPUink9MOuwNbK2B5GGAA5Q6vU9AeA4=
=KyeX
-----END PGP SIGNATURE-----