29329 – dino new security issue CVE-2021-33896

Bug 29329 - dino new security issue CVE-2021-33896

Summary: dino new security issue CVE-2021-33896

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-08-04 20:17 CEST by David Walser
Modified:	2021-08-14 16:01 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	dino-0.2.0-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-08-04 20:17:38 CEST

Fedora has issued an advisory on June 16:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P55V3TVSVXREOJAJRXNUSBEUZFOU54V3/

The issue is fixed upstream in 0.2.1:
https://dino.im/security/cve-2021-33896/

Comment 1 Nicolas Lécureuil 2021-08-05 12:25:57 CEST

Fixed in mga8:

src:
    - dino-0.2.0-1.1.mga8

CC: (none) => mageia
Assignee: geiger.david68210 => qa-bugs

Comment 2 Herman Viaene 2021-08-06 15:22:30 CEST

MGA8-64 Plasma on Lenovo B50
No installation issues.
Started dino and registered in jabber.fr, seems OK.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2021-08-11 13:44:00 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-08-14 12:20:51 CEST

Keywords: (none) => advisory

Comment 4 Mageia Robot 2021-08-14 16:01:45 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0401.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.