Package: dino-im
Version: 0.4.1-1
Severity: important

Dear Maintainer,

I saw an announcement on the dino-im muc that there's a security
vulnerability in dino.

https://dino.im/security/cve-2023-28686/

I believe this is the patch upstream recommends applying to fix it.

https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec.patch

For myself I cloned dino-im from salsa

    cd debian/patches/
    curl -L -o cve-2023-28686.patch https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec.patch
    echo cve-2023-28686.patch >> series
    sbuild -d unstable

It built successfully with the patch.

I could do an NMU if you're busy, but it was also really a trivial
update to apply.

Thanks
Diane Trout

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 'testing'), (110, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dino-im depends on:
ii  dino-im-common                   0.4.1-1
ii  libadwaita-1-0                   1.2.2-1
ii  libc6                            2.36-8
ii  libcairo2                        1.16.0-7
ii  libgcc-s1                        12.2.0-14
ii  libgcrypt20                      1.10.1-3
ii  libgdk-pixbuf-2.0-0              2.42.10+dfsg-1+b1
ii  libgee-0.8-2                     0.20.6-1
ii  libglib2.0-0                     2.74.6-1
ii  libgnutls30                      3.7.9-1
ii  libgpgme11                       1.18.0-3+b1
ii  libgraphene-1.0-0                1.10.8-1
ii  libgstreamer-plugins-base1.0-0   1.22.0-3
ii  libgstreamer1.0-0                1.22.0-2
ii  libgtk-4-1                       4.8.3+ds-2
ii  libgtk-4-media-gstreamer         4.8.3+ds-2
ii  libicu72                         72.1-3
ii  libnice10                        0.1.21-1
ii  libpango-1.0-0                   1.50.12+ds-1
ii  libqrencode4                     4.1.1-1
ii  libsignal-protocol-c2.3.2        2.3.3-2
ii  libsoup-3.0-0                    3.2.2-2
ii  libsqlite3-0                     3.40.1-1
ii  libsrtp2-1                       2.5.0-3
ii  libstdc++6                       12.2.0-14
ii  libwebrtc-audio-processing1      0.3-1+b1

Versions of packages dino-im recommends:
ii  ca-certificates         20230311
ii  dbus                    1.14.6-1
ii  fonts-noto-color-emoji  2.038-1
ii  network-manager         1.42.0-1

dino-im suggests no packages.

-- no debconf information