From c724ddc348a9d1a2264522a8056a34c456dabf4e Mon Sep 17 00:00:00 2001
From: Georg Lukas <georg@op-co.de>
Date: Wed, 7 Apr 2021 19:03:25 +0200
Subject: [PATCH] XEP-0280: add some CVEs

---
 xep-0280.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/xep-0280.xml b/xep-0280.xml
index 1eac33ba..8f1e4454 100644
--- a/xep-0280.xml
+++ b/xep-0280.xml
@@ -533,6 +533,9 @@
     <li>any copies that do not meet this requirement MUST be ignored.</li>
   </ul>
   <p>Outbound chat messages that are encrypted end-to-end are not often useful to receive on other resources.  As such, they should use the &lt;private/&gt; element specified above to avoid such copying, unless the encryption mechanism is able to accommodate this protocol.</p>
+  <cve id="2017-5589" url="https://rt-solutions.de/en/cve-2017-5589_xmpp_carbons/">Multiple XMPP Clients User Impersonation Vulnerability</cve>
+  <cve id="2019-16235" url="https://gultsch.de/dino_multiple.html">Multiple Vulnerabilities found in Dino</cve>
+  <cve id="2020-26547" url="https://monal.im/blog/cve-2020-26547/">Missing sender verification for Carbons and MAM in Monal before 4.9</cve>
 </section1>
 <section1 topic='IANA Considerations' anchor='iana'>
   <p>This document requires no interaction with &IANA;.</p>