CVE-2019-16236

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.
Source: NIST
CVE-2019-16236