-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 02 Feb 2014 08:03:48 +0100
Source: mumble
Binary: mumble mumble-server mumble-dbg
Architecture: source amd64
Version: 1.2.3-349-g315b5f5-2.2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Ron Lee <ron@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 mumble - Low latency VoIP client
 mumble-dbg - Low latency VoIP client (debugging symbols)
 mumble-server - Low latency VoIP server
Changes:
 mumble (1.2.3-349-g315b5f5-2.2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add Mumble-SA-2014-001.patch patch.
     CVE-2014-0044: A malformed Opus voice packet sent to a Mumble client
     could trigger a NULL pointer dereference or an out-of-bounds array
     access, leading to a crash (Denial of Service).
   * Add Mumble-SA-2014-002.patch patch.
     CVE-2014-0045: A malformed Opus voice packet sent to a Mumble client
     could trigger a heap-based buffer overflow. This causes a client crash
     (Denial of Service) and can potentially be used to execute arbitrary
     code.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----