FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-matrix-synapse -- several vulnerabilities

Affected packages
	py310-matrix-synapse	<	1.41.1
	py36-matrix-synapse	<	1.41.1
	py37-matrix-synapse	<	1.41.1
	py38-matrix-synapse	<	1.41.1
	py39-matrix-synapse	<	1.41.1

Details

VuXML ID	a67e358c-0bf6-11ec-875e-901b0e9408dc
Discovery	2021-08-31
Entry	2021-09-02

Matrix developers report:

This release patches two moderate severity issues which could reveal metadata about private rooms:

CVE-2021-39164: Enumerating a private room's list of members and their display names.

CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members.

[source]

References

CVE Name	CVE-2021-39163
CVE Name	CVE-2021-39164
FreeBSD PR	ports/258187
URL	https://matrix.org/blog/2021/08/31/synapse-1-41-1-released