Advisories » MGASA-2023-0122

Updated dino packages fix security vulnerability

Publication date: 31 Mar 2023
Modification date: 30 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-28686

Description

When a Dino client receives a specifically crafted message from an
unauthorized sender, it would use information from that message to add,
update or remove entries in the user’s personal bookmark store without
requiring further user interaction. (CVE-2023-28686)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31726
• https://dino.im/security/cve-2023-28686/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28686

SRPMS

8/core

• dino-0.2.3-1.mga8