[SECURITY] [DSA 4524-1] dino-im security update

From: Moritz Muehlenhoff <jmm@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4524-1] dino-im security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4524-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 16, 2019                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dino-im
CVE ID         : CVE-2019-16235 CVE-2019-16236 CVE-2019-16237

Multiple vulnerabilities have been discovered in the Dino XMPP client,
which could allow spoofing message, manipulation of a user's roster
(contact list) and unauthorised sending of message carbons.

For the stable distribution (buster), these problems have been fixed in
version 0.0.git20181129-1+deb10u1.

We recommend that you upgrade your dino-im packages.

For the detailed security status of dino-im please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dino-im

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1/5m4ACgkQEMKTtsN8
TjZoew//VzHzRJugquWiQMLE3U9FZ5gxST5PHZELo2Dra/dG/ZwCDEmN2D5LJQdw
y/mS5E8X7jxiDIBQkbbXqPlZZ2vMZYw/WM0uu8X1OyzVM2yk/TBaq2bhi81J4SCy
Nd87xICSAZFkfRAE8E97+PSvT8nPJ3BkqcFm59NrShPyS4rhc091E2pkYlGbOwCS
CTdenMWkJXlSZBwmg2zUoLWp7asGlM35OggZEVoexim+3hGO6mm15sejqH4TzuRa
UdwbsO/TtQhBsj/BDmnPfXwkjkwoM40xr2Yko+HD3QzZCQ4oE2SQ37weu9qB2UU3
qBLB0wsvD5JMwq4mEZYsB//WAMPt875WujEl85Z19ri0TEWUHSKCvtcUdlnAigiQ
YL6GkwwVRN3+mHKUvs4u4+kvuO2Uyr0aPjki0nKMTJp+aLPhug3xgGWuyGlX0BIT
0B5XW+BMEj/N4ynVN+1Z5EkfuzkrArwTs3cZlCJi5ILXO8iNBPhIbRFJxUUkbUv2
0bScafddSNVk2EyLPYo1vvNdMiq5hKr12jvgfX+Jq++XpJX5KPMHEHWZ03HqHfjF
avneQfQYGsyhyq1MmCNxzY/gLZ3DKh7yv+Tg0BbeC/UDTDjs41IgVquRlickHbI6
5D6JZMQCJDk9ShOwSPKF60DkER7E/Tga/r/ryjw1K3ftwfG30nw=
=93xm
-----END PGP SIGNATURE-----





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.