[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] 3 CVEs in dino
From: Randy Barlow <randy () electronsweatshop ! com>
Date: 2019-09-12 17:43:47
Message-ID: 12565f8bad84ea9a77dadaaae0509b4cfa122fc3.camel () electronsweatshop ! com
[Download RAW message or body]
Three CVEs have been identified and fixed in Dino.
CVE-2019-16235
==============
Dino did not properly check the source of message carbons.
https://nvd.nist.gov/vuln/detail/CVE-2019-16235
Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930
CVE-2019-16236
==========
Dino did not check roster push authorization.
https://nvd.nist.gov/vuln/detail/CVE-2019-16236
Fixed in https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9
CVE-2019-16237
==========
Dinot did not properly check the source of MAM messages.
https://nvd.nist.gov/vuln/detail/CVE-2019-16237
Fixed in https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic