Your message dated Mon, 01 Mar 2021 10:48:35 +0000 with message-id <e1lgg6n-0005j9...@fasolo.debian.org> and subject line Bug#982904: fixed in mumble 1.3.4-1 has caused the Debian Bug report #982904, regarding mumble: CVE-2021-27229 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 982904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982904 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: mumble Version: 1.3.3-1 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com/mumble-voip/mumble/pull/4733 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for mumble. CVE-2021-27229[0]: | Mumble before 1.3.4 allows remote code execution if a victim navigates | to a crafted URL on a server list and clicks on the Open Webpage text. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-27229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27229 [1] https://github.com/mumble-voip/mumble/pull/4733 [2] https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: mumble Source-Version: 1.3.4-1 Done: Christopher Knadle <chris.kna...@coredump.us> We believe that the bug you reported is fixed in the latest version of mumble, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 982...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christopher Knadle <chris.kna...@coredump.us> (supplier of updated mumble package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 01 Mar 2021 09:29:33 +0000 Source: mumble Architecture: source Version: 1.3.4-1 Distribution: unstable Urgency: medium Maintainer: Christopher Knadle <chris.kna...@coredump.us> Changed-By: Christopher Knadle <chris.kna...@coredump.us> Closes: 982904 Changes: mumble (1.3.4-1) unstable; urgency=medium . * New upstream bugfix release from 2021-02-10 - Fixes CVE-2021-27229 (Closes: #982904) Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text - Fixes packet loss & audio artifacts caused by OCB2 XEXStarAttack mitigation (upstream issue #4720) * debian/upstream/signing-key.asc: - Update signing-key.asc for Mumble 2021 build infrastructure key Checksums-Sha1: f351ca7c81330e851cd8f3a3c21d90f174056fe6 2505 mumble_1.3.4-1.dsc 5d981571cff562ea234bbd34b24d35b9e5fd47b3 8592741 mumble_1.3.4.orig.tar.gz 8cc9919339bb706174b97f676c76d9e3b815d072 721 mumble_1.3.4.orig.tar.gz.asc 5aa02ce5dcf03aa66a406193e9b472dfc9421aef 39340 mumble_1.3.4-1.debian.tar.xz 8b4ddb9a7dd6fde9edc2f90ef6b50fbc51561d71 5275 mumble_1.3.4-1_source.buildinfo Checksums-Sha256: e569093fc6c96e3f36b2319cbaaf6f206a0887b267b1b68271d7c1230ff5ab07 2505 mumble_1.3.4-1.dsc 615f4ebfc3385d945163f369efd3e910c8b6d0f025797a7eed541515fccb6093 8592741 mumble_1.3.4.orig.tar.gz effd462191f4be3ddff9c1235b8a3817a5ef15ae0a7518d6193ec8e146209b98 721 mumble_1.3.4.orig.tar.gz.asc 9c7f0879f4b20365df716c0c96e8006c176179849529a46332e19f85606b20f4 39340 mumble_1.3.4-1.debian.tar.xz ef82a001ef745ea03e2bcef298e825d0867f431e016a457cddc2a8239a6ebec8 5275 mumble_1.3.4-1_source.buildinfo Files: fe709758f71c9516814874ab8bcf3900 2505 sound optional mumble_1.3.4-1.dsc d41ece1a4cefadfc1d04a16863514f98 8592741 sound optional mumble_1.3.4.orig.tar.gz 0e212c95f8b1c24d671908f39ab27265 721 sound optional mumble_1.3.4.orig.tar.gz.asc 89f49d0cb73badf26e9e01ad3d2f7bbc 39340 sound optional mumble_1.3.4-1.debian.tar.xz dd3eb7f84cb6738a2af31acc74611090 5275 sound optional mumble_1.3.4-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe1KzyGmRW/4DhtV6ieLKD9m6RHAFAmA8vrMACgkQieLKD9m6 RHAzJA/+IjLkbrlzVRo9ajy+lYrWgApabFV9IFD2DYa1WLsEmzkNwNEY91s8tIKs /eTvfFomnxnyh5mptWRfKqK2CUfkAhnronV3Bvoj8fAUUsWs8SmvVqtgkFNgXOeP BziF9SzUVbFvDYKF/u/yE71cAEYSSjgDka2NtQPcckvqgIV8IHAmlATJ3H8ASr/O mmilWGWX4D1Eh6AWEX2MGZWB4m+caqcelBoDvJwoAvtI3q3xlnOUOxrBciwwGdGe yc2244vsEPng/7BFeEG2qWLAL7sDeIymxoGGr/pa4QYHmpff2cyqKkFdmCqeAWry UqStO2Ae2XEeaiVGZWsmS3sFDyyTeQ/7kVmY5enn63kUGT8hLicU3JOV5bJooA7r E+yj2KsqGI64mIUQIDMxQ/phZTmZdUyl2wUumgaWT0Oen4Es/eX2BGSadL4JPFJr SoTTA6h3vy21eP7x4GFPOxpGFrx2wUu7TZkHbe0Jn3Ny8VPwaGJ6skPt69kGK6ky h4fmnvTBAzfBa2f8LS2SyU9vrB1A0ZIE6yJB9uTh6uFRsb2m5kUP6ZKfb2rpHCKj prhz9i2WZCH2czLkHy58+Ttl2ZSajeGKBeYKcvuQHrL8v6JfBt3kP/+dlmbWxsHP f3E97pdVtRBqhrkB4EZJBOg4HVKq5UtN8UYIAcZxgYHhMJQQ8Fo= =bZjO -----END PGP SIGNATURE-----
--- End Message ---
