[Bug 281624] net-im/py-matrix-synapse: Update to 112.0 or higher to address security issue CVE-2024-41671

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 29 Sep 2024 18:46:59 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281624

--- Comment #2 from Sascha Biberhofer <ports@skyforge.at> ---
I'm afraid that this is misleading, as the update itself addresses nothing from
a ports point of view. It merely pins a sufficiently recent py-twisted version
in synapse's poetry.lock file. This file only matters when poetry is used to
create a venv, which the port does not do. The correct (and only) way to
address this issue is by updating the py-twisted port, I'm afraid.

I'm not sure if an issue for the twisted port has already been filed, but the
port itself seems to be outdated and most likely vulnerable. I'd suggest
closing/renaming this issue and opening an issue against py-twisted so that
this vulnerability can be addressed properly.

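Added example, not part of the original comment or of the synapse or ports code: a check that compares the version pinned in a poetry.lock with the distribution the running interpreter would actually load, which is the gap the comment describes when a lock file is not used to build the environment. The lock excerpt, its version numbers and the function names are constructed for illustration.

```python
import re
from importlib import metadata

# Constructed poetry.lock excerpt; the versions are placeholders, not real pins.
SAMPLE_LOCK = '''
[[package]]
name = "attrs"
version = "1.0.0"

[[package]]
name = "twisted"
version = "99.1.0"
'''

def locked_versions(lock_text):
    """Map package name -> pinned version from the [[package]] tables."""
    pins = {}
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and version:
            pins[name.group(1).lower()] = version.group(1)
    return pins

def release_tuple(version):
    """Numeric release part only (simplification: rc/post/dev suffixes ignored)."""
    parts = [int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group(0).split(".")]
    while parts and parts[-1] == 0:  # treat 99.1 and 99.1.0 as equal
        parts.pop()
    return tuple(parts)

def installed_version(dist):
    """Version of the distribution visible to this interpreter, or None."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None

def check_pin(lock_text, dist, lookup=installed_version):
    """Report whether the installed distribution satisfies the lock-file pin."""
    pinned = locked_versions(lock_text).get(dist.lower())
    if pinned is None:
        return "not-pinned"
    actual = lookup(dist)
    if actual is None:
        return "not-installed"
    return "older-than-lock" if release_tuple(actual) < release_tuple(pinned) else "ok"

if __name__ == "__main__":
    print(check_pin(SAMPLE_LOCK, "twisted"))
```

A result of "older-than-lock" means the application's lock file names a newer dependency than the one the system package provides, so bumping the application alone changes nothing at runtime.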