[FREEBSD:CB902A77-3F43-11ED-9402-901B0E9408DC] Matrix clients -- several vulnerabilities

Severity High

Affected Packages 2

CVEs 4

Matrix developers report:

  Two critical severity vulnerabilities in end-to-end encryption were
  found in the SDKs which power Element, Beeper, Cinny, SchildiChat,
  Circuli, Synod.im and any other clients based on matrix-js-sdk,
  matrix-ios-sdk or matrix-android-sdk2.

Package	Affected Version
pkg:freebsd/element-web	< 1.11.7
pkg:freebsd/cinny	< 2.2.1

ID

FREEBSD:CB902A77-3F43-11ED-9402-901B0E9408DC

Severity

high

Severity from

CVE-2022-39249

URL

http://vuxml.freebsd.org/freebsd/cb902a77-3f43-11ed-9402-901b0e9408dc.html

Published

2022-09-23T00:00:00
(2 years ago)

Modified

2022-09-28T00:00:00
(2 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:freebsd/element-web		element-web	< 1.11.7
Affected	pkg:freebsd/cinny		cinny	< 2.2.1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date