UbuntuUpdates.org

Package "dino-im-common"

Name: dino-im-common

Description:

modern XMPP client - common files

Latest version: 0.0.git20180130-1ubuntu0.1
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: dino-im
Homepage: https://github.com/dino/dino

Links


Download "dino-im-common"


Other versions of "dino-im-common" in Bionic

Repository Area Version
security universe 0.0.git20180130-1ubuntu0.1

Changelog

Version: 0.0.git20180130-1ubuntu0.1 2020-03-18 00:06:33 UTC

  dino-im (0.0.git20180130-1ubuntu0.1) bionic-security; urgency=high

  * Cherry pick upstream security fixes (LP: #1866113)
    - SECURITY UPDATE: Fix check of source of a carbons message (CVE-2019-16235)
    - SECURITY UPDATE: Check roster push authorization (CVE-2019-16236)
    - SECURITY UPDATE: Fix check of source of MAM message (CVE-2019-16237)
  * Accept IV sizes of 12 in addition to 16 to enable reading messages
    sent from clients using 12-byte IVs again (LP: #1866115)

 -- Julian Andres Klode <email address hidden> Wed, 04 Mar 2020 15:20:07 +0100

1866113 CVE-2019-16235, CVE-2019-16236, CVE-2019-16237
1866115 Support reading messages with 12-byte IVs
CVE-2019-16235 Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.
CVE-2019-16236 Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.
CVE-2019-16237 Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.



About   -   Send Feedback to @ubuntu_updates