AVG-846

Package matrix-synapse
Status Fixed
Severity High
Type private key recovery
Affected 0.34.0-1
Fixed 0.34.1.1-1
Current 0.99.2-2 [community-testing]
0.99.2-1 [community]
Ticket None
Created Thu Jan 10 18:55:11 2019
Issue Severity Remote Type Description
CVE-2019-5885 High No Private key recovery
matrix-synapse before 0.34.1 is vulnerable to private key recovery as synapse will attempt to derive a secret key from other secrets specified in the...
Date Advisory Package Description
24 Jan 2019 ASA-201901-12 matrix-synapse private key recovery