Bugzilla – Bug 1096833
VUL-0: CVE-2018-12291: matrix-synapse: event visibility rules not applied correctly
Last modified: 2022-11-24 14:25:03 UTC
Changes in synapse v0.31.1 (2018-06-08)
v0.31.1 fixes a security bug in the get_missing_events federation API
where event visibility rules were not applied correctly.
We are not aware of it being actively exploited but please upgrade asap.
Fix event filtering in get_missing_events handler (PR #3371)
*** Bug 1096832 has been marked as a duplicate of this bug. ***
to backport, run osc mbranch matrix-synapse, and apply the following patch:
I meant https://build.opensuse.org/request/show/616522 (with the patch file)
back to security then according to astieger
CVE-2018-12291 was assigned to this.
openSUSE-SU-2018:1767-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1096833
CVE References: CVE-2018-12291
openSUSE Leap 15.0 (src): matrix-synapse-0.28.1-lp220.127.116.11, matrix-synapse-test-0.28.1-lp18.104.22.168
This is an autogenerated message for OBS integration:
This bug (1096833) was mentioned in
https://build.opensuse.org/request/show/1037916 Backports:SLE-15-SP4 / matrix-synapse