oss-sec mailing list archives
3 CVEs in dino
From: Randy Barlow <randy () electronsweatshop com>
Date: Thu, 12 Sep 2019 13:43:47 -0400
Three CVEs have been identified and fixed in Dino. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930 CVE-2019-16236 ========== Dino did not check roster push authorization. https://nvd.nist.gov/vuln/detail/CVE-2019-16236 Fixed in https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9 CVE-2019-16237 ========== Dinot did not properly check the source of MAM messages. https://nvd.nist.gov/vuln/detail/CVE-2019-16237 Fixed in https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- 3 CVEs in dino Randy Barlow (Sep 12)