security/vuxml: Document py-matrix-synapse vulnerabilities

PR:		258187
Reported by:	Sascha Biberhofer <ports@skyforge.at>
Security:	a67e358c-0bf6-11ec-875e-901b0e9408dc
Security:	CVE-2021-39163
Security:	CVE-2021-39164

1 files changed, 39 insertions, 0 deletions

diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index 2b7395808059..31ce37c2583d 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,42 @@
+  <vuln vid="a67e358c-0bf6-11ec-875e-901b0e9408dc">
+    <topic>py-matrix-synapse -- several vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>py36-matrix-synapse</name>
+	<name>py37-matrix-synapse</name>
+	<name>py38-matrix-synapse</name>
+	<name>py39-matrix-synapse</name>
+	<name>py310-matrix-synapse</name>
+	<range><lt>1.41.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Matrix developers report:</p>
+	<blockquote cite="https://matrix.org/blog/2021/08/31/synapse-1-41-1-released">
+	  <p>This release patches two moderate severity issues which
+	  could reveal metadata about private rooms:</p>
+	  <ul>
+	    <li>CVE-2021-39164: Enumerating a private room's list of
+	    members and their display names.</li>
+	    <li>CVE-2021-39163: Disclosing a private room's name,
+	    avatar, topic, and number of members.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <freebsdpr>ports/258187</freebsdpr>
+      <cvename>CVE-2021-39164</cvename>
+      <cvename>CVE-2021-39163</cvename>
+      <url>https://matrix.org/blog/2021/08/31/synapse-1-41-1-released</url>
+    </references>
+    <dates>
+      <discovery>2021-08-31</discovery>
+      <entry>2021-09-02</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="032643d7-0ba7-11ec-a689-080027e50e6d">
     <topic>Python -- multiple vulnerabilities</topic>
     <affects>