FS#72117 : [element-desktop] [element-web] 1.7.34-2: Critical security issues with key sharing

FS#72117 - [element-desktop] [element-web] 1.7.34-2: Critical security issues with key sharing

Attached to Project: Community Packages
Opened by Pascal Ernster (hardfalcon) - Monday, 13 September 2021, 12:42 GMT
Last edited by Jonas Witschel (diabonas) - Monday, 13 September 2021, 15:05 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Upstream has announced a critical security fix for element-web and element-desktop 1.8.2 on 2021-09-10:
https://matrix.org/blog/2021/09/10/pre-disclosure-upcoming-critical-fix-for-several-popular-matrix-clients/

The fixed version 1.8.4 has just been released:
https://github.com/vector-im/element-desktop/releases/tag/v1.8.4
https://github.com/vector-im/element-web/releases/tag/v1.8.4

The actual security fix seems to be this one:
https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9

I have attached an updated PKGBUILD which also updates the sed pattern for replacing the electron version in packages.json for element-desktop.

PKGBUILD (3.8 KiB)

This task depends upon

Closed by Jonas Witschel (diabonas)
Monday, 13 September 2021, 15:05 GMT
Reason for closing: Fixed
Additional comments about closing: element-{desktop,web} 1.8.4-1

Comment by Pascal Ernster (hardfalcon) - Monday, 13 September 2021, 13:03 GMT

Sorry, had a bug in the PKGBUILD, here's the fixed version.

PKGBUILD (3.7 KiB)

Comment by Jonas Witschel (diabonas) - Monday, 13 September 2021, 15:04 GMT

Thank you for the report and the PKGBUILD! I have pushed an updated version to the repositories.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#72117 - [element-desktop] [element-web] 1.7.34-2: Critical security issues with key sharing

Details

Loading...