Dino-IM (Trisquel and upstream Ubuntu CVE and bugginess)
Hi, the dino-im package (which is also installed by default in Trisquel, derived from the Ubuntu upstream) seems to still be vulnerable to the medium severity CVE (which allows attackers to send messages and gain access to and change bookmarks and the data within), shown here: https://dino.im/security/cve-2023-28686/ . The version in Trisquel (by extension of Ubuntu) does not appear to have been updated when the bugfix release was issued, or specifically fixed by patching using this commit: https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec.
Debian patched the bullseye version in backports 0.3.0-2~bpo11+2, but it doesn't seem to be fixed further downstream in Ubuntu 22.04.
Also, the 0.3.0-3 version does seem to still have a bug associated with video capture devices not working correctly in the call and not displaying/sending any video. A bugfix release, 0.3.2, may well (if I am recalling correctly) have fixed this alongside the bookmarks CVE.
Is it possible for Trisquel to apply the commit to the current version or use a later version as a backport in order to mitigate both the CVE and the camera/fps bugs? I ask given that there seems to be a gap between it being fixed in bullseye, but not then by MOTU, and thus we don't have the fixes in Trisquel.
Many, many thanks, Ryan