FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Matrix clients -- several vulnerabilities

Affected packages
cinny < 2.2.1
element-web < 1.11.7

Details

VuXML ID cb902a77-3f43-11ed-9402-901b0e9408dc
Discovery 2022-09-23
Entry 2022-09-28

Matrix developers report:

Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2.

References

CVE Name CVE-2022-39236
CVE Name CVE-2022-39249
CVE Name CVE-2022-39250
CVE Name CVE-2022-39251
URL https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients