[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20190916194642.4q66qfpbppqz7kpl@seger.debian.org>
Date: Mon, 16 Sep 2019 19:46:42 +0000
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4524-1] dino-im security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4524-1 security@...ian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : dino-im
CVE ID : CVE-2019-16235 CVE-2019-16236 CVE-2019-16237
Multiple vulnerabilities have been discovered in the Dino XMPP client,
which could allow spoofing message, manipulation of a user's roster
(contact list) and unauthorised sending of message carbons.
For the stable distribution (buster), these problems have been fixed in
version 0.0.git20181129-1+deb10u1.
We recommend that you upgrade your dino-im packages.
For the detailed security status of dino-im please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dino-im
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1/5m4ACgkQEMKTtsN8
TjZoew//VzHzRJugquWiQMLE3U9FZ5gxST5PHZELo2Dra/dG/ZwCDEmN2D5LJQdw
y/mS5E8X7jxiDIBQkbbXqPlZZ2vMZYw/WM0uu8X1OyzVM2yk/TBaq2bhi81J4SCy
Nd87xICSAZFkfRAE8E97+PSvT8nPJ3BkqcFm59NrShPyS4rhc091E2pkYlGbOwCS
CTdenMWkJXlSZBwmg2zUoLWp7asGlM35OggZEVoexim+3hGO6mm15sejqH4TzuRa
UdwbsO/TtQhBsj/BDmnPfXwkjkwoM40xr2Yko+HD3QzZCQ4oE2SQ37weu9qB2UU3
qBLB0wsvD5JMwq4mEZYsB//WAMPt875WujEl85Z19ri0TEWUHSKCvtcUdlnAigiQ
YL6GkwwVRN3+mHKUvs4u4+kvuO2Uyr0aPjki0nKMTJp+aLPhug3xgGWuyGlX0BIT
0B5XW+BMEj/N4ynVN+1Z5EkfuzkrArwTs3cZlCJi5ILXO8iNBPhIbRFJxUUkbUv2
0bScafddSNVk2EyLPYo1vvNdMiq5hKr12jvgfX+Jq++XpJX5KPMHEHWZ03HqHfjF
avneQfQYGsyhyq1MmCNxzY/gLZ3DKh7yv+Tg0BbeC/UDTDjs41IgVquRlickHbI6
5D6JZMQCJDk9ShOwSPKF60DkER7E/Tga/r/ryjw1K3ftwfG30nw=
=93xm
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists