Tobias Maedel discovered that the mod_copy module of ProFTPD, an FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands.
July CPU update. See: http://openjdk.java.net/groups/vulnerability/advisories/2019-07-16 and https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-July/001423.html
This release includes four security fixes:
- Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms.
- Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely.
- Prevent an attack where users could be joined or parted from public rooms without their consent.
- Fix a vulnerability where a
July CPU update. See: http://openjdk.java.net/groups/vulnerability/advisories/2019-07-16 and https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-July/001423.html
SoX could be made to crash if it received a specially crafted MP3 file.