-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: mumble Binary: mumble, mumble-server, mumble-dbg Architecture: any Version: 1.2.3-349-g315b5f5-2.2+deb7u1 Maintainer: Ron Lee <[email protected]> Uploaders: Thorvald Natvig <[email protected]> Homepage: http://mumble.sourceforge.net/ Standards-Version: 3.9.3.1 Vcs-Browser: http://git.debian.org/?p=users/ron/mumble.git;a=summary Vcs-Git: git://git.debian.org/users/ron/mumble.git Build-Depends: debhelper (>= 7.0.8), g++-4.6, po-debconf, libboost-dev (>= 1.42), libboost-python-dev (>= 1.42), libqt4-dev (>= 4.5.0), hardening-wrapper, libgl1-mesa-dev, libasound2-dev, libpulse-dev, libogg-dev, libspeex-dev, libspeexdsp-dev, libopus-dev, libsndfile1-dev, libssl-dev, libzeroc-ice34-dev (>= 3.4.2-8.1), ice34-translators (>= 3.4.2-8.1), ice34-slice (>= 3.4.2-8.1), libg15daemon-client-dev, libspeechd-dev, protobuf-compiler, libprotobuf-dev, libavahi-compat-libdnssd-dev, libxi-dev, libcap-dev [linux-any] Package-List: mumble deb sound optional mumble-dbg deb debug extra mumble-server deb sound optional Checksums-Sha1: 786506183801c47204804d356171aba53de7a200 3118757 mumble_1.2.3-349-g315b5f5.orig.tar.gz 779af1f205748d362dd1a8f8a7377303ffcc7e19 38417 mumble_1.2.3-349-g315b5f5-2.2+deb7u1.debian.tar.gz Checksums-Sha256: 3fb99e293446d24e3418970b9149b198e707aa0b10621e0865c0de7ca3e2a8f3 3118757 mumble_1.2.3-349-g315b5f5.orig.tar.gz 4caf726ec58b75674725f53def329525e8babb195d93bbfb4e0a12da8ba52aef 38417 mumble_1.2.3-349-g315b5f5-2.2+deb7u1.debian.tar.gz Files: f83dd14e98c7a7a9e3246b34b49de63c 3118757 mumble_1.2.3-349-g315b5f5.orig.tar.gz 4f232c50cb07d52e8c5114db79826ca8 38417 mumble_1.2.3-349-g315b5f5-2.2+deb7u1.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJS7fEYAAoJEAVMuPMTQ89Euu8P/3unAcT+O0HRckVXxPyq5X12 p7C2qD86YUS39SgSojXm1+Q2EtTUWJzYlIbukZto3GlFUvufmaLBf6K2EHY05Eqn eJKL78uQVvWNxoxQ5aFF3SAYeJHTJB/KcQ0uNaI0cUUdg0mUStWVWCdjdChUeJYb w9kDmeiRLeu+8hKHhEdmpuR3dlyEqEAMhYi07fWoHL+LM1cFuiCoihDlcTW5kqaF l4MEYgwEUvjo4mNOlgxmtGxxcPDZRkmnozNJCG4Vpl18JozXM9hjDDqy2StkQSCV UY1SLHZrNWGXB20FM63YpXTlPa8PGqR0cIsYmcO+8cItEVQdM9zdMPKhOdDbMIlw ZeQziQOlnHCLkLH9i+YnJffXjmhhcQGHu7C9PmTgDRL9HTTKhc98KRAbrYAApd9x jr+9s2PQ42S9t+iT0ePFV4rQglJZ5G2D6cArh4JoxDPZ7Ufp9jILVjDhZZ4Tekb6 l5EWI+vmfmZxFCR5b63ufTGmVYMxmJ1XBPbzKtqaiDGTujPwX6sRd+REDqNmkHCq mcJCaY8ufMX3JuBGa3RbLppmxP1dFFb0jojYHJzbBbW3bxu/1vNZVI3nME/1CvBg tWPDwAM5Y79i5TqemN8A4KwmMpdkOpA4oWQo3Pv1HA7KhVvzcCIYTTYGKITnsUPK AUvB8q8cL0MW1uMsafNM =gZ8x -----END PGP SIGNATURE----- Changes: mumble (1.2.3-349-g315b5f5-2.2+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add Mumble-SA-2014-001.patch patch. CVE-2014-0044: A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access, leading to a crash (Denial of Service). * Add Mumble-SA-2014-002.patch patch. CVE-2014-0045: A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow. This causes a client crash (Denial of Service) and can potentially be used to execute arbitrary code. -- Salvatore Bonaccorso <[email protected]> Sun, 02 Feb 2014 08:03:48 +0100
