oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

3 CVEs in dino

From: Randy Barlow <randy () electronsweatshop com>
Date: Thu, 12 Sep 2019 13:43:47 -0400
Three CVEs have been identified and fixed in Dino.

CVE-2019-16235
==============

Dino did not properly check the source of message carbons.

https://nvd.nist.gov/vuln/detail/CVE-2019-16235

Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930


CVE-2019-16236
==========

Dino did not check roster push authorization.

https://nvd.nist.gov/vuln/detail/CVE-2019-16236

Fixed in https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9


CVE-2019-16237
==========

Dinot did not properly check the source of MAM messages.

https://nvd.nist.gov/vuln/detail/CVE-2019-16237

Fixed in https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363

Attachment: signature.asc
Description: This is a digitally signed message part

Previous By Date Next
Previous By Thread Next

Current thread: