matrix/thirdparty/synapse.git - Unnamed repository; edit this file 'description' to name the repository.

tag name	v1.95.1 (5fa1309c2cf78d6fc2b53e0bc5a6777be807037a)
tag date	2023-10-31 14:05:07 +0000
tagged by	Erik Johnston <erik@matrix.org>
tagged object	commit a11511954a...
download	synapse-1.95.1.tar.xz

The following issue is fixed in 1.95.1.

- [GHSA-mp92-3jfm-3575](https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575) / [CVE-2023-43796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43796) — Moderate Severity

  Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver.

See the advisory for more details. If you have any questions, email security@matrix.org.
-----BEGIN PGP SIGNATURE-----

iQFEBAABCgAuFiEEBTGR3/RnAzBGUif3pULk7RsPrAkFAmVBCZMQHGVyaWtAbWF0
cml4Lm9yZwAKCRClQuTtGw+sCVp+CACQ52RgyvLWMLMkP2Z1RlWJJmsEQsLO8HuJ
gMNq7FU1lxKMImmEsP+u3TmTzbWJkbKJREyvThXTQoAswllX4WtU5HZYHXWiiwRh
EkDIFbkHsZT9+OPrxnXPRX3dmls40mWa9fDry9zalak3VRR02lrERrYkcYuPVi4d
C8IyKr5gYVBXGG/PPP65esR6PoKJPIfD0d7A97Nb5mUCLxNaSQaXYA6aVFn251xe
s0tF1nQmiB5WWKNjrn4i4KX9DmtLPrzdmQEzhuXw1ATkHAOlbAmPQhUKIqb9l+u7
wHBjQBJx4kSfreTItqWmx362RUZyuhwLV+3RL0pj+D8wHOVcpWtx
=sXkV
-----END PGP SIGNATURE-----