CVE-2021-29432

NameCVE-2021-29432
DescriptionSydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
matrix-sydent (PTS)sid2.5.1-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
matrix-sydentsource(unstable)(not affected)

Notes

- matrix-sydent <not-affected> (Fixed before initial upload to Debian)
https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx
Search for package or bug name: Reporting problems