[Bug 1848709] Re: implementation is unusably old and contains significant security problems
Steve Langasek
1848709 at bugs.launchpad.net
Wed Oct 4 06:11:36 UTC 2023
> but Debian does not include matrix-synapse in Debian Stable releases.
[citation needed]
matrix-synapse /was not/ included in the most recent Debian release.
But there are no open release-critical bugs against it and it is in
Debian testing, so there is nothing to indicate that /as a policy/ it is
not being included in Debian releases.
And the bug originally reported here was against the version of the
package in bionic, a year and a half after bionic released. That
security vulnerabilities were discovered in a package over the life
cycle of a stable release is also not a reason for us to remove it.
I would certainly accept guidance from the Security Team that this
package should be removed so that it does not have to be supported under
ESM.
But https://ubuntu.com/security/cves?q=&package=matrix-synapse&priority=&version=&status=
also shows none of these CVEs are scored above 'medium' priority.
** Changed in: matrix-synapse (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1848709
Title:
implementation is unusably old and contains significant security
problems