FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Matrix clients -- several vulnerabilities

Affected packages
cinny < 2.2.1
element-web < 1.11.7


VuXML ID cb902a77-3f43-11ed-9402-901b0e9408dc
Discovery 2022-09-23
Entry 2022-09-28

Matrix developers report:

Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2.


CVE Name CVE-2022-39236
CVE Name CVE-2022-39249
CVE Name CVE-2022-39250
CVE Name CVE-2022-39251