-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 25 May 2024 16:22:51 +0200 Source: matrix-synapse Architecture: source Version: 1.103.0-2 Distribution: unstable Urgency: medium Maintainer: Matrix Packaging Team <pkg-matrix-maintainers@lists.alioth.debian.org> Changed-By: Andrej Shadura <andrewsh@debian.org> Closes: 1069763 Changes: matrix-synapse (1.103.0-2) unstable; urgency=medium . * Fix CVE-2024-31208 / GHSA-3h7q-rfh9-xm4v: - Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage. Closes: 1069763 Checksums-Sha1: 8938744eaeb84b9a2500a4e35809659fc6854d66 3230 matrix-synapse_1.103.0-2.dsc 34d1e40682bcc873958c25eaa3c301ffe7d77807 128588 matrix-synapse_1.103.0-2.debian.tar.xz Checksums-Sha256: ca320d936bb9ebdbf1da33cdba7a19b4853262ca8535c7f0b4a0022583d9ca9d 3230 matrix-synapse_1.103.0-2.dsc fa7e9139e75fa41ac022ff60d7ac61051c61e0e4a1ee82827737d85eb245a3ab 128588 matrix-synapse_1.103.0-2.debian.tar.xz Files: 1da88fab329d4ae0d40003365b9c292d 3230 net optional matrix-synapse_1.103.0-2.dsc 3eb711c8d2880d002c0d0077bb7ee75c 128588 net optional matrix-synapse_1.103.0-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCZlH0jQAKCRDoRGtKyMdy YU0lAP0ZwHjsRLQL4zAAb+aiTBNCJcu7mxoHLILaOFIO3TCYnAD/TDmC+KZ+ONXC BfUB6kWJYvyL7vyzcuJ51+TkpkpEHAQ= =xrQH -----END PGP SIGNATURE-----