-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 30 Apr 2021 22:24:25 +0000 Source: mumble Architecture: source Version: 1.3.0~git20190125.440b173+dfsg-2+deb10u1 Distribution: buster Urgency: medium Maintainer: Christopher Knadle <Chris.Knadle@coredump.us> Changed-By: Christopher Knadle <Chris.Knadle@coredump.us> Closes: 982904 Changes: mumble (1.3.0~git20190125.440b173+dfsg-2+deb10u1) buster; urgency=medium . * debian/patches: - Add 67-only-http-https-URLs-in-Connect.diff to fix CVE-2021-27229 "Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text." This patch only allows "http"/"https" URLs in ConnectDialog (Closes: #982904) Thanks to Salvatore Bonaccorso <carnil@debian.org> for reporting the bug and giving links to the fix. Checksums-Sha1: ffddd841eaa581d3ec9ecb45cb8693f6fb55f2db 2467 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.dsc b6056729de1a1e14b80243b58fb41e4d9545ef10 7011554 mumble_1.3.0~git20190125.440b173+dfsg.orig.tar.gz 7acb33ae42d7b12ff01c27721f4f3ed3634c873e 40008 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.debian.tar.xz 827de5e0137153b1e8aad54b53ce89e094d938bd 5415 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1_source.buildinfo Checksums-Sha256: 8d22dc1c8fa14f0a5730f789b909c5edb58b878b7d1d2b4e83fe41020f07f483 2467 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.dsc 3340d7915f42b86c82a175d524d34b7b7f4523c2fe459f80913775f72480c944 7011554 mumble_1.3.0~git20190125.440b173+dfsg.orig.tar.gz 4cb7f22453386aaa02c163fc78b855213e2870e75e2e6a842b0ddc47445c4019 40008 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.debian.tar.xz 5f80e0a08c2c0b9f3e98ecde29dde2b772c537cf7c043b444d21aa5ec71e3fee 5415 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1_source.buildinfo Files: 7e6a7b879a3a8aa7377afd9c42872d38 2467 sound optional mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.dsc 086cef3df42034b2ff4951ed005cd8f5 7011554 sound optional mumble_1.3.0~git20190125.440b173+dfsg.orig.tar.gz d3bba122e581243fbe245bbd87fccd05 40008 sound optional mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.debian.tar.xz 032386ff98e553a535c32e2740833dbb 5415 sound optional mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe1KzyGmRW/4DhtV6ieLKD9m6RHAFAmCMvuIACgkQieLKD9m6 RHDO+xAAqA/n5hpOsO2B7Fr+6CYaHtzgKFUytEWU2jNrhVBtthY00Zm/QXulalq5 yxCRgmgNlVYcXdisGfvZ1T3VLJef0Jv5tQgVvq9N+K8kmLpsfUE7kqWh1P+AN6Yf 3Ssyczt+5kTp2Bha2f9YkU677uSDEtqkMrXcPvuL7sTwjik3Rrz1MWeznZIzV9+7 qsFnpHisK0ggntCQv6Z10UfR5bcyNnZrWdjad0JahLfWUDFyTkTP2f57CiGgnQNa 7YncrNxMjd9azQeZEejXEHblbUXfmiA9CJNHsHbfm1fLRiEQXJ9SyFiB8baYED9U fmTfY1NjyBu8M4E0DM8ARQhrWTMSMpcgLrlu2CEaT/Hl/OsVDEptnRYDzOA+SjjY 4mSDzOGheCOvauYdH3qfIpR6noHZx+r5pMMD++0PhStG/ELc4HZkD3vVyvWQdMj3 SJmxS+nwMZIiA462HZkFuDDhMoedYClhu2HAvv4siQ2zMNBeovd+T7xDCo7mr+13 axtUXxU1QL7PyvSQ9V+A5TT4w8mbkl1kU0kaqOBpEKraBHge4uGRNvfvb+P3aqLM QuUhvCpEF18a7ks64Yj89on2n4E5rOlDgn8E8uPQ1Hmmslg00gcNRrIddzTks507 D5X0YKRVrwfVM3W01lkDGXflADF0SZTtgsz4S7jEEkNf7lK6ePk= =s9kB -----END PGP SIGNATURE-----
