CVE 2019-16236

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.

Related bugs and status

CVE-2019-16236 (Candidate) is related to these bugs:

Bug #1866113: CVE-2019-16235, CVE-2019-16236, CVE-2019-16237

Summary				In	Importance	Status
	1866113	CVE-2019-16235, CVE-2019-16236, CVE-2019-16237		dino-im (Ubuntu)	Undecided	Fix Released
	1866113	CVE-2019-16235, CVE-2019-16236, CVE-2019-16237		dino-im (Ubuntu Bionic)	Undecided	Fix Released

Bug #1866115: Support reading messages with 12-byte IVs

Summary				In	Importance	Status
	1866115	Support reading messages with 12-byte IVs		dino-im (Ubuntu)	Undecided	Fix Released
	1866115	Support reading messages with 12-byte IVs		dino-im (Ubuntu Bionic)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.