Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#72117 - [element-desktop] [element-web] 1.7.34-2: Critical security issues with key sharing
Attached to Project:
Community Packages
Opened by Pascal Ernster (hardfalcon) - Monday, 13 September 2021, 12:42 GMT
Last edited by Jonas Witschel (diabonas) - Monday, 13 September 2021, 15:05 GMT
Details

Upstream has announced a critical security fix for element-web and element-desktop 1.8.2 on 2021-09-10:
https://matrix.org/blog/2021/09/10/pre-disclosure-upcoming-critical-fix-for-several-popular-matrix-clients/

The fixed version 1.8.4 has just been released:
https://github.com/vector-im/element-desktop/releases/tag/v1.8.4
https://github.com/vector-im/element-web/releases/tag/v1.8.4

The actual security fix seems to be this one:
https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9

I have attached an updated PKGBUILD which also updates the sed pattern for replacing the electron version in packages.json for element-desktop.
Closed by Jonas Witschel (diabonas)
Monday, 13 September 2021, 15:05 GMT
Reason for closing: Fixed
Additional comments about closing: element-{desktop,web} 1.8.4-1
Comment by Pascal Ernster (hardfalcon) -
Monday, 13 September 2021, 13:03 GMT
Sorry, had a bug in the PKGBUILD, here's the fixed version.
Comment by Jonas Witschel (diabonas) -
Monday, 13 September 2021, 15:04 GMT
Thank you for the report and the PKGBUILD! I have pushed an updated version to the repositories.
PKGBUILD