Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 30: 2019-3d3bb765ca Moderate: Dino Message Carbon Issues Fixed

fedora
Calendar Grey September 19, 2019
Dist Fedora Esm H88
Dino chat application release addresses vulnerabilities in security, emphasizing message validation and user permission protocols. Learn additional details!
Update dino to [a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which addresses three CVEs

Summary

A modern XMPP ("Jabber") chat client using GTK+/Vala.

Update dino to

[a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which

addresses three CVEs. CVE-2019-16235 ============== Dino did not properly

check the source of message carbons.

https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in

https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930

CVE-2019-16236 ========== Dino did not check roster push authorization.

https://nvd.nist.gov/vuln/detail/CVE-2019-16236 Fixed in

https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9

CVE-2019-16237 ========== Dinot did not properly check the source of MAM

messages. https://nvd.nist.gov/vuln/detail/CVE-2019-16237 Fixed in

https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363

* Thu Sep 12 2019 Randy Barlow - 0.0-0.12.20190912.git.a96c8014

- Update to a96c8014.

- Fixes CVE-2019-16235 (#1751847), CVE-2019-16236 (#1751849), and CVE-2019-16237 (#1751851).

- https://github.com/dino/dino/compare/016ab2c1...a96c8014

* Sat Aug 31 2019 Randy Barlow - 0.0-0.12.20190830.git.016ab2c1

- Update to 016ab2c1.

- https://github.com/dino/dino/compare/8120203d...016ab2c1

* Mon Jun 3 2019 Randy Barlow - 0.9.20190601.git.8120203d

- Correct the commit date in the Release field, it was a typo in the prior commit.

* Sat Jun 1 2019 Randy Barlow - 0.8.20190701.git.git.8120203d

- Update to 8120203d.

- https://github.com/dino/dino/compare/f4778ef3...8120203d

* Sun May 5 2019 Randy Barlow - 0.0-0.7.20190429.git.f4778ef3

- Update to f4778ef3.

- https://github.com/dino/dino/compare/330649a...f4778ef3

[ 1 ] Bug #1751851 - CVE-2019-16237: dino does not properly check the source of an MAM messages

https://bugzilla.redhat.com/show_bug.cgi?id=1751851

[ 2 ] Bug #1751849 - CVE-2019-16236: dino does not check roster push authorization

https://bugzilla.redhat.com/show_bug.cgi?id=1751849

[ 3 ] Bug #1751847 - CVE-2019-16235: Dino before does not properly check the source of a carbons

https://bugzilla.redhat.com/show_bug.cgi?id=1751847

su -c 'dnf upgrade --advisory FEDORA-2019-3d3bb765ca' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update Fedora authorization issue dino message carbon XMPP client

Change Log

References

Update Instructions

Product: Fedora 30
Version: 0.0
Release: 0.12.20190912.git.a96c801.fc30
URL: https://github.com/dino/dino
Summary: Modern XMPP ("Jabber") Chat Client using GTK+/Vala

Topics%20covered

Topics Covered

security advisory update Fedora authorization issue dino message carbon XMPP client

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here