Overview

Request 1091083 accepted

- Update to 1.85.0
- Security
- GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be
possible for a deactivated user to login when using uncommon
configurations. (boo#1212055)
- GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A
discovered oEmbed or image URL can bypass the
url_preview_url_blacklist setting potentially allowing server
side request forgery or bypassing network policies. Impact is
limited to IP addresses allowed by the
url_preview_ip_range_blacklist setting (by default this only
allows public IPs). (boo#1212054)

Oliver Kurz's avatar
Oliver Kurz (okurz) -

what are the point of thoso TODO? Either those are updated first or not. No need to include TODOs IMHO

Oliver Kurz's avatar
Oliver Kurz (okurz) -
target maintainer

Hi @darix, I don't understand why you keep updating this package when the package has unresolved dependencies in https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse

Staging Bot's avatar
Staging Bot (staging-bot) -

@cyphar, @darix: review reminder

Marcus Rueckert's avatar
Marcus Rueckert (darix) -
author source maintainer target maintainer

because it builds in my project and instead someone else submitting over my changes and then breaking my link, i submit my work to help

Request History
Marcus Rueckert's avatar

darix created request

- Update to 1.85.0
- Security
- GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be
possible for a deactivated user to login when using uncommon
configurations. (boo#1212055)
- GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A
discovered oEmbed or image URL can bypass the
url_preview_url_blacklist setting potentially allowing server
side request forgery or bypassing network policies. Impact is
limited to IP addresses allowed by the
url_preview_ip_range_blacklist setting (by default this only
allows public IPs). (boo#1212054)

Oliver Kurz's avatar

okurz accepted request

openSUSE Build Service is sponsored by
Places