Upstream has issued an advisory on March 23: https://dino.im/security/cve-2023-28686/ The issue is fixed upstream in 0.2.3 and 0.4.2. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 0.2.3 and 0.4.2
CC: (none) => mageia
Whiteboard: (none) => MGA8TOO
Done for both mga8 and Cauldron! Assigning to QA.
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 0.2.3 and 0.4.2 => (none)
Assignee: geiger.david68210 => qa-bugs
Version: Cauldron => 8
dino-0.2.3-1.mga8 from dino-0.2.3-1.mga8.src.rpm
Note that Cauldron is still awaiting a freeze move.
CC: (none) => geiger.david68210
Source RPM: dino-0.4.1-1.mga9.src.rpm => dino-0.2.0-1.1.mga8.src.rpm
mga8, x64
Installed dino and tried it out, launched from the command line. It seems like a chat room service. $ dino launches an interface where you can sign on. Successfully created a user account and logged off. Installed the update package and ran dino again. Looked at the help options and visited the home site where it is described as a chat client. Logged in OK in the terminal but did not know where to go from there. Seems to work as far as access is concerned.
CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK
I was just researching it, learning it's an XMPP chat client. I'm not much of a chatterer these days, but I was going to try it anyway. I'm just as happy that you beat me to it. Herman tested the last update, bug 29329, doing essentially the same thing you did, so your test should indeed be sufficient. Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
Debian has issued an advisory for this on March 27: https://www.debian.org/security/2023/dsa-5379
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0122.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED