Your message dated Sat, 26 Jan 2019 20:49:46 +0000
with message-id <e1gnute-0001m4...@fasolo.debian.org>
and subject line Bug#920476: fixed in mumble 1.3.0~git20190125.440b173+dfsg-1
has caused the Debian Bug report #920476,
regarding security issue: DoS due to changing # of allowed users in root channel
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
920476: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920476
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mumble
Version: 1.3.0~git20190114.9fcc588+dfsg-1
Severity: serious
Tags: security fixed-upstream pending

A vulnerability has been discovered whereby a remote unauthenticated user
connected to the server can send a crafted packet to change the number of
allowed users in the root channel to 0, thereby disallowing users to connect
to the server and causing a Denial of Service.

All versions of mumble-server prior to the fix in Mumble issue #3586 on
2019-01-25 are affected.

https://github.com/mumble-voip/mumble/issues/3585

A new upload of mumble is being prepared to fix this issue.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
--- End Message ---
--- Begin Message ---
Source: mumble
Source-Version: 1.3.0~git20190125.440b173+dfsg-1

We believe that the bug you reported is fixed in the latest version of
mumble, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 920...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher Knadle <chris.kna...@coredump.us> (supplier of updated mumble package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 26 Jan 2019 03:33:10 +0000
Source: mumble
Binary: mumble mumble-server
Architecture: source
Version: 1.3.0~git20190125.440b173+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Christopher Knadle <chris.kna...@coredump.us>
Changed-By: Christopher Knadle <chris.kna...@coredump.us>
Description:
 mumble - Low latency encrypted VoIP client
 mumble-server - Low latency encrypted VoIP server
Closes: 919453 920237 920476
Changes:
 mumble (1.3.0~git20190125.440b173+dfsg-1) unstable; urgency=high
 .
   [ Helmut Grohne ]
   * debian/patches:
     - Add 60-crossbuild.diff to remove hard coded call to pkg-config
       to allow Mumble to be cross buildable
       Fixes "FTCBFS: builds for the wrong architecture" (Closes: #919453)
   * debian/rules:
     - Merge qmake call into dh_auto_configure so qmake gets called only once
 .
   [ Christopher Knadle ]
   * New upstream git snapshot from 2019-01-25
     - Fixes "security issue: DoS due to changing # of allowed users in
       root channel" (Closes: #920476)
       Thanks to "The Zom.bi Community" for finding the bug and fixing it
       upstream.
     - Fixes "lost list of server configurated" (Closes: #920237)
       Thanks to petrohs <petr...@gmail.com> for reporting the bug, and
       to Antoine Beaupré <anar...@debian.org> for discussing the bug
       upstream more in issue #1702 to verify that the prior fix was
       insufficient
   * debian/copyright:
     - Update directory location for codecs to be under 3rdparty/ rather
       than softlinks
--- End Message ---
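
A triage check for the fix boundary stated in these messages, as an added example that is not part of the original thread or of the Mumble or Debian code: it implements the Debian Policy version ordering, in which `~` sorts before everything, so the `1.3.0~git` snapshots sort before a plain `1.3.0`, and reports whether a package version string sorts before the fixed upload. The function names are hypothetical and the `1.3.0-1` sample version is constructed.

```python
import re

# Fixed version, taken from the closing message above.
FIXED = "1.3.0~git20190125.440b173+dfsg-1"

def _order(ch: str) -> int:
    """Rank of one character in a non-digit run: '~' < end < letters < others."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _is_digit(s: str, i: int) -> bool:
    return i < len(s) and s[i] in "0123456789"

def _cmp_part(a: str, b: str) -> int:
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs are compared character by character.
        while (i < len(a) and not _is_digit(a, i)) or (j < len(b) and not _is_digit(b, j)):
            ca = a[i] if i < len(a) and not _is_digit(a, i) else ""
            cb = b[j] if j < len(b) and not _is_digit(b, j) else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i, j = i + 1, j + 1
        # Digit runs are compared numerically; an empty run counts as 0.
        na = re.match(r"[0-9]*", a[i:]).group()
        nb = re.match(r"[0-9]*", b[j:]).group()
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
        i, j = i + len(na), j + len(nb)
    return 0

def _split(version: str):
    """Split [epoch:]upstream[-revision]; a missing epoch is 0."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a sorts before, equal to, or after b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def predates_fix(installed: str) -> bool:
    """True if the installed version sorts before the fixed upload."""
    return compare_versions(installed, FIXED) < 0

if __name__ == "__main__":
    # The reported version, the fixed version, and a constructed later one.
    for v in ("1.3.0~git20190114.9fcc588+dfsg-1", FIXED, "1.3.0-1"):
        print(v, "predates fix" if predates_fix(v) else "has fix or later")
```

The result only reflects version ordering against this unstable upload; a release that carries a backported fix under a lower version number needs its own boundary.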