
Fedora 32: FEDORA-2020-3514d16f24 Moderate: Review of Program A's Security

fedora
September 17, 2019
This patch for the dino messenger application on Fedora 31 addresses several bugs, improving defenses against possible vulnerabilities.
Update dino to [a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which addresses three CVEs

Summary

A modern XMPP ("Jabber") chat client using GTK+/Vala.

Update dino to [a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which addresses three CVEs.

CVE-2019-16235
==============
Dino did not properly check the source of message carbons.
https://nvd.nist.gov/vuln/detail/CVE-2019-16235
Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930

CVE-2019-16236
==============
Dino did not check roster push authorization.
https://nvd.nist.gov/vuln/detail/CVE-2019-16236
Fixed in https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9

CVE-2019-16237
==============
Dino did not properly check the source of MAM messages.
https://nvd.nist.gov/vuln/detail/CVE-2019-16237
Fixed in https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
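All three issues concern verifying who sent a privileged stanza. The sketch below is an added example, not Dino's Vala code: it applies the sender rules from XEP-0280 (carbons), RFC 6121 (roster pushes) and XEP-0313 (MAM) to constructed stanzas. The function name `check_stanza`, the sample JIDs and the restriction to the user's own archive (MUC archives, whose results come from the room JID, are not handled) are assumptions.

```python
import xml.etree.ElementTree as ET

CARBONS = "urn:xmpp:carbons:2"  # XEP-0280 message carbons
MAM = "urn:xmpp:mam:2"          # XEP-0313 archive results
ROSTER = "jabber:iq:roster"     # RFC 6121 roster pushes

def bare(jid):
    """user@host/resource -> user@host (lower-casing stands in for full JID normalisation)."""
    return jid.split("/", 1)[0].lower()

def check_stanza(stanza_xml, own_jid):
    """Return (accept, reason) for a stanza received on own_jid's client stream."""
    stanza = ET.fromstring(stanza_xml)
    sender = stanza.get("from")
    # A missing 'from' means the server sent the stanza on behalf of our own account.
    from_own_account = sender is None or sender.lower() == bare(own_jid)
    kind = stanza.tag.rsplit("}", 1)[-1]  # drop the jabber:client namespace

    privileged = []
    if kind == "message":
        privileged = [(CARBONS, "received"), (CARBONS, "sent"), (MAM, "result")]
    elif kind == "iq" and stanza.get("type") == "set":
        privileged = [(ROSTER, "query")]

    for ns, name in privileged:
        if stanza.find(f"{{{ns}}}{name}") is not None and not from_own_account:
            return False, f"{name} from untrusted sender {sender}"
    return True, "ok"

# Constructed sample stanzas for the account alice@example.org (payloads trimmed).
OWN = "alice@example.org/laptop"
MSG = "<message xmlns='jabber:client' from='{}'>{}</message>"
SAMPLES = {
    "carbon_own": MSG.format("alice@example.org", "<received xmlns='urn:xmpp:carbons:2'/>"),
    "carbon_foreign": MSG.format("mallory@example.net/x", "<received xmlns='urn:xmpp:carbons:2'/>"),
    "mam_foreign": MSG.format("mallory@example.net", "<result xmlns='urn:xmpp:mam:2' id='1'/>"),
    "chat": MSG.format("bob@example.com/phone", "<body>hi</body>"),
    "roster_own": "<iq xmlns='jabber:client' type='set'><query xmlns='jabber:iq:roster'/></iq>",
    "roster_foreign": "<iq xmlns='jabber:client' type='set' from='mallory@example.net'>"
                      "<query xmlns='jabber:iq:roster'/></iq>",
}

if __name__ == "__main__":
    for label, xml in SAMPLES.items():
        print(label, check_stanza(xml, OWN))
```

An ordinary chat message from another user is still accepted; only the carbon, MAM and roster wrappers require the account's own bare JID (or no `from` at all).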

[ 1 ] Bug #1751851 - CVE-2019-16237: dino does not properly check the source of an MAM messages
      https://bugzilla.redhat.com/show_bug.cgi?id=1751851
[ 2 ] Bug #1751849 - CVE-2019-16236: dino does not check roster push authorization
      https://bugzilla.redhat.com/show_bug.cgi?id=1751849
[ 3 ] Bug #1751847 - CVE-2019-16235: Dino before does not properly check the source of a carbons
      https://bugzilla.redhat.com/show_bug.cgi?id=1751847

To install this update, run su -c 'dnf upgrade --advisory FEDORA-2019-2555c77f63' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/



Product: Fedora 31
Version: 0.0
Release: 0.13.20190912.git.a96c801.fc31
Summary: Modern XMPP ("Jabber") Chat Client using GTK+/Vala
