[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#587713: marked as done (mumble-server: DoS via malformed client queries)

Your message dated Mon, 12 Jul 2010 22:52:46 +0000
with message-id <E1OYRri-00080F-3T@franck.debian.org>
and subject line Bug#587713: fixed in mumble 1.2.2-4
has caused the Debian Bug report #587713,
regarding mumble-server: DoS via malformed client queries
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

587713: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587713
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: mumble-server
Version: 1.2.2-2
Severity: grave
Tags: security


The following vulnerability has been reported in mumble-server.

From [1]:
> Through a malformed type of data is possible to force the termination
> of the server due to an error in the SQL query (SQLite library).
> The attacker needs to join the server to exploit it.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry, if one is assigned by then.

There's no known patch at the moment and an exploit is linked by the advisory.


Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

--- End Message ---
--- Begin Message ---
Source: mumble
Source-Version: 1.2.2-4

We believe that the bug you reported is fixed in the latest version of
mumble, which is due to be installed in the Debian FTP archive:

  to main/m/mumble/mumble-11x_1.2.2-4_i386.deb
  to main/m/mumble/mumble-dbg_1.2.2-4_i386.deb
  to main/m/mumble/mumble-server-web_1.2.2-4_all.deb
  to main/m/mumble/mumble-server_1.2.2-4_i386.deb
  to main/m/mumble/mumble_1.2.2-4.debian.tar.gz
  to main/m/mumble/mumble_1.2.2-4.dsc
  to main/m/mumble/mumble_1.2.2-4_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 587713@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Thorvald Natvig <thorvald@debian.org> (supplier of updated mumble package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Mon, 12 Jul 2010 15:11:24 +0200
Source: mumble
Binary: mumble mumble-11x mumble-server mumble-dbg mumble-server-web
Architecture: source all i386
Version: 1.2.2-4
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Thorvald Natvig <thorvald@debian.org>
 mumble     - Low latency VoIP client
 mumble-11x - Low latency VoIP client (1.1.x)
 mumble-dbg - Low latency VoIP client (debugging symbols)
 mumble-server - Low latency VoIP server
 mumble-server-web - Web scripts for mumble-server
Closes: 587713
 mumble (1.2.2-4) unstable; urgency=high
   * Fix failure with SQLite with very long 'like' matches.
     Closes: #587713
 dccbae23b2b22b681e1e20db5bbae875fe2865bb 1882 mumble_1.2.2-4.dsc
 3376da9edf3b13e99a9565683c74a03159c9be2c 30098 mumble_1.2.2-4.debian.tar.gz
 93e7799f1d17847758327b240b067ae00ff663bf 94424 mumble-server-web_1.2.2-4_all.deb
 598e3da7ed603d471d3a188212916f70b2dc8b14 2192410 mumble_1.2.2-4_i386.deb
 3d08d383aadeb43a1365c4e9dd8e2e8eafaf6817 1265636 mumble-11x_1.2.2-4_i386.deb
 7244e579687234d7d54345512eec9c42828fc803 795780 mumble-server_1.2.2-4_i386.deb
 0ba20d9aa3616f387bbbc9443e451d7c0f27aac8 24110946 mumble-dbg_1.2.2-4_i386.deb
 4dd58af24d400e98d6bf9c427abd06705118955877a34d87de4890e6b880e4e4 1882 mumble_1.2.2-4.dsc
 511bb98897f6578a2c87adbabac9f34ad1ee45f54b54389f47e0830820889027 30098 mumble_1.2.2-4.debian.tar.gz
 84c131b42eb5bc0687125d4e86ed64f4e107263f232cfd89e7db81e11dac36ea 94424 mumble-server-web_1.2.2-4_all.deb
 3bc748aab6155565654754b9ca7739ba3d8196439b45d4baa2e555ad1c5c4b00 2192410 mumble_1.2.2-4_i386.deb
 2a15903a4ef8c9de0aa93614ce0f64b31ce658c3d5d335d062a4d9b924bdc326 1265636 mumble-11x_1.2.2-4_i386.deb
 508cb8698d8246903403389f08518c0a87d7fdf6d5948872d76bda4c3b47ffbb 795780 mumble-server_1.2.2-4_i386.deb
 d3c4b1e30985caa138c7c61f1312f38472a8b2de18314db77c4357d0d3dcecbe 24110946 mumble-dbg_1.2.2-4_i386.deb
 8edddf781201acc2a09e16a3f8c19525 1882 sound optional mumble_1.2.2-4.dsc
 235182d8205b9717bd50f82a9cc6febd 30098 sound optional mumble_1.2.2-4.debian.tar.gz
 4472f54f8e09432fa86c76e3896fe44d 94424 sound optional mumble-server-web_1.2.2-4_all.deb
 1a099762f3258e6359db041aeb188fe2 2192410 sound optional mumble_1.2.2-4_i386.deb
 a9aed66ddfc8b0456522df31ea4717a1 1265636 sound optional mumble-11x_1.2.2-4_i386.deb
 c9c1568e0298eeacd0a8a3dadd8c34c6 795780 sound optional mumble-server_1.2.2-4_i386.deb
 0b30069f8a3e6793a2a923d4de322bf6 24110946 debug extra mumble-dbg_1.2.2-4_i386.deb

Version: GnuPG v1.4.10 (GNU/Linux)


--- End Message ---

Reply to: