AVG-846 log

Package matrix-synapse
Status Fixed
Severity High
Type private key recovery
Affected 0.34.0-1
Fixed 0.34.1.1-1
Current 1.121.1-2 [extra-testing]
1.120.2-1 [extra]
Ticket None
Created Thu Jan 10 18:55:11 2019
Issue Severity Remote Type Description
CVE-2019-5885 High No Private key recovery
matrix-synapse before 0.34.1 is vulnerable to private key recovery as synapse will attempt to derive a secret key from other secrets specified in the...
Date Advisory Package Type
24 Jan 2019 ASA-201901-12 matrix-synapse private key recovery