[Git][security-tracker-team/security-tracker][master] Add new matrix-synapse issues

Tue, 03 Dec 2024 12:36:28 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2771c6c2 by Salvatore Bonaccorso at 2024-12-03T21:35:05+01:00
Add new matrix-synapse issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,15 +7,22 @@ CVE-2024-53999 (Mobile Security Framework (MobSF) is a 
pen-testing, malware anal
 CVE-2024-53921 (An issue was discovered in the installer in Samsung Magician 
8.1.0 on  ...)
        NOT-FOR-US: Samsung
 CVE-2024-53867 (Synapse is an open-source Matrix homeserver. The Sliding Sync 
feature  ...)
-       TODO: check
+       - matrix-synapse <unfixed>
+       NOTE: 
https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h
+       NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/4186
 CVE-2024-53863 (Synapse is an open-source Matrix homeserver. In Synapse 
versions befor ...)
-       TODO: check
+       - matrix-synapse <unfixed>
+       NOTE: 
https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
 CVE-2024-53257 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
        NOT-FOR-US: Vitess
 CVE-2024-52815 (Synapse is an open-source Matrix homeserver. Synapse versions 
before 1 ...)
-       TODO: check
+       - matrix-synapse <unfixed>
+       NOTE: 
https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
 CVE-2024-52805 (Synapse is an open-source Matrix homeserver. In Synapse before 
1.120.1 ...)
-       TODO: check
+       - matrix-synapse <unfixed>
+       NOTE: 
https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
+       NOTE: 
https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
+       NOTE: 
https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
 CVE-2024-52548 (An attacker who can execute arbitrary Operating Systems 
commands, can  ...)
        TODO: check
 CVE-2024-52547 (An authenticated attacker can trigger a stack based buffer 
overflow in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2771c6c2ea3ce57f71648359daee52c7d9c581c7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2771c6c2ea3ce57f71648359daee52c7d9c581c7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to