FS#72117 - [element-desktop] [element-web] 1.7.34-2: Critical security issues with key sharing
Attached to Project:
Community Packages
Opened by Pascal Ernster (hardfalcon) - Monday, 13 September 2021, 12:42 GMT
Last edited by Jonas Witschel (diabonas) - Monday, 13 September 2021, 15:05 GMT
Opened by Pascal Ernster (hardfalcon) - Monday, 13 September 2021, 12:42 GMT
Last edited by Jonas Witschel (diabonas) - Monday, 13 September 2021, 15:05 GMT
|
Details
Upstream has announced a critical security fix for
element-web and element-desktop 1.8.2 on 2021-09-10:
https://matrix.org/blog/2021/09/10/pre-disclosure-upcoming-critical-fix-for-several-popular-matrix-clients/ The fixed version 1.8.4 has just been released: https://github.com/vector-im/element-desktop/releases/tag/v1.8.4 https://github.com/vector-im/element-web/releases/tag/v1.8.4 The actual security fix seems to be this one: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 I have attached an updated PKGBUILD which also updates the sed pattern for replacing the electron version in packages.json for element-desktop. |
This task depends upon
Closed by Jonas Witschel (diabonas)
Monday, 13 September 2021, 15:05 GMT
Reason for closing: Fixed
Additional comments about closing: element-{desktop,web} 1.8.4-1
Monday, 13 September 2021, 15:05 GMT
Reason for closing: Fixed
Additional comments about closing: element-{desktop,web} 1.8.4-1
Comment by
Pascal Ernster (hardfalcon) -
Monday, 13 September 2021, 13:03 GMT
Comment by
Jonas Witschel (diabonas) - Monday,
13 September 2021, 15:04 GMT
Sorry, had a bug in the PKGBUILD, here's the fixed version.
Thank you for the report and the PKGBUILD! I have pushed an
updated version to the repositories.