| Summary: | dino new security issue CVE-2023-28686 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, geiger.david68210, mageia, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | dino-0.2.0-1.1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2023-03-24 13:17:41 CET
David Walser
2023-03-24 13:17:58 CET
Status comment:
(none) =>
Fixed upstream in 0.2.3 and 0.4.2 Done for both mga8 and Cauldron! Assigning to QA. Whiteboard:
MGA8TOO =>
(none) dino-0.2.3-1.mga8 from dino-0.2.3-1.mga8.src.rpm Note that Cauldron is still awaiting a freeze move. CC:
(none) =>
geiger.david68210 mga8, x64 Installed dino and tried it out, launched from the command line. It seems like a chat room service. $ dino launches an interface where you can sign on. Successfully created a user account and logged off. Installed the update package and ran dino again. Looked at the help options and visited the home site where it is described as a chat client. Logged in OK in the terminal but did not know where to go from there. Seems to work as far as access is concerned. CC:
(none) =>
tarazed25 I was just researching it, learning it's an XMPP chat client. I'm not much of a chatterer these days, but I was going to try it anyway. I'm just as happy that you beat me to it. Herman tested the last update, bug 29329, doing essentially the same thing you did, so your test should indeed be sufficient. Validating. Keywords:
(none) =>
validated_update
Dave Hodgins
2023-03-29 15:17:21 CEST
Keywords:
(none) =>
advisory Debian has issued an advisory for this on March 27: https://www.debian.org/security/2023/dsa-5379 An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0122.html Resolution:
(none) =>
FIXED |