Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 903571 (CVE-2023-28103) - <net-im/element-desktop-bin-1.11.29: Multiple security vulnerabilities
Summary: <net-im/element-desktop-bin-1.11.29: Multiple security vulnerabilities
Alias: CVE-2023-28103
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Depends on:
Blocks: CVE-2023-28427
  Show dependency tree
Reported: 2023-03-30 10:56 UTC by tastytea
Modified: 2023-04-30 23:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description tastytea 2023-03-30 10:56:55 UTC
1.11.26 fixes 2 CVEs: <>

See also: <>

> Although we have only demonstrated a denial-of-service-style impact, we cannot
> completely rule out the possibility of a more severe impact due to the
> relatively extensive attack surface. We have therefore classified this as High
> severity and strongly recommend upgrading as a precautionary measure.
Comment 1 tastytea 2023-04-20 20:00:52 UTC
fixed in 04863433b36f012d01c712ea86b784c01734bdf9 (bumped to to 1.11.29)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-30 23:56:27 UTC
Both prototype pollution vulnerabilities in bundled Matrix libraries. All done, thanks!