5 matches found
CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...
Fedora 31 : dino (2019-2555c77f63)
Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc5 49c930 CVE-2019-16236...
Fedora 29 : dino (2019-0eb6d51f81)
Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc5 49c930 CVE-2019-16236...
Fedora 30 : dino (2019-3d3bb765ca)
Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc5 49c930 CVE-2019-16236...
CVE-2019-16236
CVE-2019-16236 affects the Dino XMPP client (GTK+/Vala). The vulnerability arises from Dino not checking roster push authorization in module/roster/module.vala, enabling potential unauthorized roster push actions. Reported CVSS metrics show two vectors: CVSS v2 base 5.0 (NETWORK/LOW complexity, I...