Security update for go-sendxmpp
This update for go-sendxmpp fixes the following issues:
Update to 0.16.0:
- CVE-2026-1229: circl: The CombinedMult function produces an incorrect value (boo#1265538).
- CVE-2026-39821: net: Failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (boo#1266617).
-
Submitted by
Michael Vetter (jubalh)
Fixed bugs
bnc#1266617
VUL-0: CVE-2026-39821: go-sendxmpp: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation
bnc#1265538
VUL-0: CVE-2026-1229: go-sendxmpp: github.com/cloudflare/circl: the CombinedMult function in the ecc/p384 package produces an incorrect value for specific inputs