[SECURITY] [DLA 2562-1] mumble security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2562-1] mumble security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 18 Feb 2021 06:38:36 -0500 (EST)
Message-id: <[🔎] 161364827780.486085.12425436538602518456@tinycat.chris-lamb.co.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2562-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
February 18, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mumble
Version        : 1.2.18-1+deb9u2
CVE ID         : CVE-2021-27229
Debian Bug     : #982904

It was discovered that there was a a remote code execution
vulnerability in mumble, a VoIP client commonly used for group chats.
The exploit could have been been triggered by a maliciously crafted
URL on the server list. 

For Debian 9 "Stretch", this problem has been fixed in version
1.2.18-1+deb9u2.

We recommend that you upgrade your mumble packages.

For the detailed security status of mumble please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mumble

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmAuUZQACgkQHpU+J9Qx
Hlg+lQ/+KAdtDc6cmP5270SFIq5ER2UB1Tebf3Y+uEK2d1L7qlFT/Kocm1WH+3NV
HYffrNFVkQEQaS6lK24ikjYvFNl05S2DoMtwLpgGfdRLBbW6p72oTK58bvurl61r
CtG5rczw+7tUTfNBsvow2PLxgpL2Nl/+HpcTkBYuXfS3pbWNIWoguP43cDpy7ljR
1p0Y1lSIGBhxXjdgLJQKvVELMQX0mVFuSXK6z9gA0YStz4qzgj1PswhGJC6uqcqU
u9B5Gbs8NpWGadxYzeSMk1Dpv2LdyrkyCEEJrWY0iIPc6r7w1cn/aUaqiKHi6tAv
FyCKlkQVv3vcHx30jSYS4L+HBevnhxys+eaLFV+CJ7cSY5CtEsldwzmuOIY4sb0H
sfHtwC2Uf/Z51lStTtsS5/lQI+zJbINAn/F3TsG0PgYTDaiW4lHZAOBbrQ5WM/4C
CGx2fBqDtQyMtgJEhhox+NAq+jwKL0RKEfwEpqwcsFpezgiOB5z5ZKI2rZZ+9qJp
v+li2ycOzmvHNhLAxSbodorluNBdVfbdkRlcHBrhY9PRWqHLQb2eo3hijMI9UIia
zLaF8YOH+wcJwiSNppZfinAGPfWAu02YrK04BTiQl0QAiM1FknLbVnBiMo8uGDBk
7DYvwVXCV3Tg52xbybJIdl+iZfjThiLELhVchOn2Ft9xjD0k//U=
=OiNH
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2561-1] ruby-mechanize security update
Next by Date: [SECURITY] [DLA 2563-1] openssl security update
Previous by thread: [SECURITY] [DLA 2561-1] ruby-mechanize security update
Next by thread: [SECURITY] [DLA 2563-1] openssl security update
Index(es):
- Date
- Thread