5 matches found
CVE-2019-16235
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...
Fedora 31 : dino (2019-2555c77f63)
Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc5 49c930 CVE-2019-16236...
Fedora 30 : dino (2019-3d3bb765ca)
Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc5 49c930 CVE-2019-16236...
Fedora 29 : dino (2019-0eb6d51f81)
Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc5 49c930 CVE-2019-16236...
CVE-2019-16235
Dino (XMPP client) is affected by CVE-2019-16235, CVE-2019-16236 and CVE-2019-16237. The underlying issues are improper validation in Dino: CVE-2019-16235 for the source of message carbons, CVE-2019-16236 for roster push authorization, and CVE-2019-16237 for MAM message sources. Exploitation coul...