Bug 1968753 - CVE-2021-33896: Path traversal in Dino file transfers
Summary: CVE-2021-33896: Path traversal in Dino file transfers
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: dino
Version: rawhide
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Randy Barlow
QA Contact: Fedora Extras Quality Assurance
URL: https://dino.im/security/cve-2021-33896/
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-07 22:04 UTC by Randy Barlow
Modified: 2021-06-16 20:49 UTC (History)
1 user (show)

Fixed In Version: dino-0.2.1-1.fc35 dino-0.1.2-1.fc33 dino-0.2.1-1.fc34
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-06-16 01:07:35 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Randy Barlow 2021-06-07 22:04:45 UTC 
All supported Fedora versions are affected.
Comment 1 Randy Barlow 2021-06-07 22:05:38 UTC 
See https://dino.im/security/cve-2021-33896/
Comment 2 Fedora Update System 2021-06-07 23:17:55 UTC 
FEDORA-2021-d5d263ec35 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-d5d263ec35
Comment 3 Fedora Update System 2021-06-07 23:17:56 UTC 
FEDORA-2021-3cf08ffe38 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-3cf08ffe38
Comment 4 Fedora Update System 2021-06-08 01:51:33 UTC 
FEDORA-2021-3cf08ffe38 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-3cf08ffe38`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-3cf08ffe38

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2021-06-09 01:17:17 UTC 
FEDORA-2021-d5d263ec35 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-d5d263ec35`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-d5d263ec35

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2021-06-16 01:07:35 UTC 
FEDORA-2021-3cf08ffe38 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 7 Fedora Update System 2021-06-16 20:49:14 UTC 
FEDORA-2021-d5d263ec35 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.