Update dino to a96c8014, which addresses three CVEs.

CVE-2019-16235

Dino did not properly check the source of message carbons.

https://nvd.nist.gov/vuln/detail/CVE-2019-16235

Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930

CVE-2019-16236

Dino did not check roster push authorization.

https://nvd.nist.gov/vuln/detail/CVE-2019-16236

Fixed in https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9

CVE-2019-16237

Dinot did not properly check the source of MAM messages.

https://nvd.nist.gov/vuln/detail/CVE-2019-16237

Fixed in https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363

How to install

sudo dnf upgrade --advisory=FEDORA-2019-3d3bb765ca

This update has been submitted for testing by bowlofeggs.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon atim provided feedback 2 years ago
karma

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1751847 CVE-2019-16235: Dino before does not properly check the source of a carbons
0
0
BZ#1751849 CVE-2019-16236: dino does not check roster push authorization
0
0
BZ#1751851 CVE-2019-16237: dino does not properly check the source of an MAM messages
0
0

Automated Test Results