On 4/29/24 9:43 AM, Landry Breuil wrote:
The commit for the fix is https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01aLe Mon, Apr 29, 2024 at 09:38:25AM +0200, Renaud Allard a écrit :Hello, This is a small update for net/synapse to 1.105.1 to solve CVE-2024-31208can you assess whether this should be backported to 7.5-stable, only a single commit, the complete update ?
It seems it affects all versions prior to 1.105.1.I don't think backporting the whole version is really an issue, it might be more simple than to just add the fix. There are no breaking changes between the versions and I have tested the backport on -stable.
Given that it can more or less corrupt the database by filling the disk, it might be a good idea to backport it to -stable.
smime.p7s
Description: S/MIME Cryptographic Signature