From 8056721f8ecdfd368d191ce998c5d9c83320dc65 Mon Sep 17 00:00:00 2001 From: Georg Lukas Date: Wed, 7 Apr 2021 18:59:10 +0200 Subject: [PATCH 1/5] XEP template: add `` element for security vulnerabilities --- xep-template.xml | 2 ++ xep.dtd | 16 ++++++++++------ xep.xsd | 16 ++++++++++++++++ xep.xsl | 20 ++++++++++++++++++++ xmpp.css | 5 +++++ 5 files changed, 53 insertions(+), 6 deletions(-) diff --git a/xep-template.xml b/xep-template.xml index 1807dc66..23ad1121 100644 --- a/xep-template.xml +++ b/xep-template.xml @@ -109,6 +109,8 @@ ]]> + Name of a CVE relevant to the XEP + Another CVE with no primary source

Text in a Sub-Sub-Section.

diff --git a/xep.dtd b/xep.dtd index 52c7e842..56a5afd7 100644 --- a/xep.dtd +++ b/xep.dtd @@ -68,27 +68,27 @@ THE SOFTWARE. - + - + - + - + - + - + @@ -130,6 +130,10 @@ THE SOFTWARE. + + diff --git a/xep.xsd b/xep.xsd index 9a62fa84..dbbbd427 100644 --- a/xep.xsd +++ b/xep.xsd @@ -209,6 +209,7 @@ THE SOFTWARE. + @@ -227,6 +228,7 @@ THE SOFTWARE. + @@ -245,6 +247,7 @@ THE SOFTWARE. + @@ -263,6 +266,7 @@ THE SOFTWARE. + @@ -283,6 +287,7 @@ THE SOFTWARE. + @@ -379,6 +384,17 @@ THE SOFTWARE. + + + + + + + + + + + diff --git a/xep.xsl b/xep.xsl index 504e1435..21c3149e 100644 --- a/xep.xsl +++ b/xep.xsl @@ -1015,6 +1015,26 @@ content: "XEP-"; + +
+
CVE- + (https://nvd.nist.gov/vuln/detail/CVE-NIST, + https://cve.mitre.org/cgi-bin/cvename.cgi?name=Mitre) +
+ + + + + + + + + + + +
+
+ diff --git a/xmpp.css b/xmpp.css index 562fa28c..70110627 100644 --- a/xmpp.css +++ b/xmpp.css @@ -1290,6 +1290,11 @@ padding: 1.5em; border: 1px solid rgba(19, 181, 234, 1.0); } + figure.cve { + padding: 1.5em; + background-color: rgba(255, 220, 220, 1.0); + border: 5px solid rgba(180, 0, 0, 1.0); + } figure > figcaption { margin-bottom: 0.5em; From c724ddc348a9d1a2264522a8056a34c456dabf4e Mon Sep 17 00:00:00 2001 From: Georg Lukas Date: Wed, 7 Apr 2021 19:03:25 +0200 Subject: [PATCH 2/5] XEP-0280: add some CVEs --- xep-0280.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xep-0280.xml b/xep-0280.xml index 1eac33ba..8f1e4454 100644 --- a/xep-0280.xml +++ b/xep-0280.xml @@ -533,6 +533,9 @@
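Review bot: The template added to xep.xsl builds both reference links (`https://nvd.nist.gov/vuln/detail/CVE-…` and `https://cve.mitre.org/cgi-bin/cvename.cgi?name=…`) by appending the CVE identifier from the XEP source, and nothing visible here limits what that identifier may contain. The element markup is stripped in this rendering, so this is inferred from the surviving text. If the xep.xsd addition types the identifier as a plain string, a restriction such as `<xs:pattern value="[0-9]{4}-[0-9]{4,}"/>` would keep a typo or stray characters from producing a malformed URL or a link to the wrong advisory. The DTD cannot express that constraint, so the XSD or a check in the build is the place for it.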
  • any copies that do not meet this requirement MUST be ignored.
  • Outbound chat messages that are encrypted end-to-end are not often useful to receive on other resources. As such, they should use the <private/> element specified above to avoid such copying, unless the encryption mechanism is able to accommodate this protocol.

    + Multiple XMPP Clients User Impersonation Vulnerability + Multiple Vulnerabilities found in Dino + Missing sender verification for Carbons and MAM in Monal before 4.9

    This document requires no interaction with &IANA;.

    From 0310636ca99ac7db41ebb26274f701f16e90491c Mon Sep 17 00:00:00 2001 From: Georg Lukas Date: Thu, 8 Apr 2021 15:16:23 +0200 Subject: [PATCH 3/5] XEP style: fix CVE background in dark mode --- xmpp.css | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xmpp.css b/xmpp.css index 70110627..27310a84 100644 --- a/xmpp.css +++ b/xmpp.css @@ -1712,6 +1712,10 @@ figure.example { background-color: #282828; } + figure.cve { + border: 5px solid rgba(120, 0, 0, 1.0); + background-color: #200000; + } .box { color: #ccc; From 28957f6cc1f85491fc4a7de6d970df0f8891fed7 Mon Sep 17 00:00:00 2001 From: Georg Lukas Date: Wed, 14 Apr 2021 16:55:15 +0200 Subject: [PATCH 4/5] CVE: remove background color --- xmpp.css | 2 -- 1 file changed, 2 deletions(-) diff --git a/xmpp.css b/xmpp.css index 27310a84..08a30a83 100644 --- a/xmpp.css +++ b/xmpp.css @@ -1292,7 +1292,6 @@ } figure.cve { padding: 1.5em; - background-color: rgba(255, 220, 220, 1.0); border: 5px solid rgba(180, 0, 0, 1.0); } @@ -1714,7 +1713,6 @@ } figure.cve { border: 5px solid rgba(120, 0, 0, 1.0); - background-color: #200000; } .box { From 6d942dcb3b02b92783cc2d19d568b36b8201d5f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Tue, 25 May 2021 17:08:23 +0200 Subject: [PATCH 5/5] XEP-0280: add revision block --- xep-0280.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xep-0280.xml b/xep-0280.xml index 8f1e4454..47e8ccb4 100644 --- a/xep-0280.xml +++ b/xep-0280.xml @@ -53,6 +53,12 @@ georg@op-co.de georg@yax.im + + 0.13.4 + 2021-05-25 + gl +

    Add CVE references

    +
    0.13.3 2021-03-23