Fedora 38: 2023-39eb10ec3c Critical: Syncthing 1.23.5 Cross-Site Threat

Syncthing replaces other file synchronization services with something

open, trustworthy and decentralized. Your data is your data alone and

you deserve to choose where it is stored, if it is shared with some

third party and how it's transmitted over the Internet. Using syncthing,

that control is returned to you.

This package contains the syncthing client binary and systemd services.

Update to version 1.23.5. Addresses CVE-2022-46165.

* Wed Jun 7 2023 Fabio Valentini - 1.23.5-1

- Update to version 1.23.5; Fixes RHBZ#2213024

[ 1 ] Bug #2213011 - CVE-2022-46165 syncthing: Cross-site scripting through malicious files [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2213011

su -c 'dnf upgrade --advisory FEDORA-2023-39eb10ec3c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: