Your message dated Tue, 15 Jan 2019 20:42:54 +0000
with message-id <e1gjvxy-0005sd...@fasolo.debian.org>
and subject line Bug#919249: fixed in mumble 1.3.0~git20190114.9fcc588+dfsg-1
has caused the Debian Bug report #919249,
regarding security issue: instability and crash due to crafted message flooding
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
919249: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919249
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mumble
Version: 1.2.19-3
Severity: important
Tags: security fixed-upstream fixed-in-experimental


It is currently possible to cause mumble-server to freeze and/or crash by
sending it specifically crafted commands, leading to a denial of service.
The server usually automatically recovers; however, it has been reported that
in some instances it can take up to an hour after the attack has ended.
The attack can be done remotely and does not need special permissions.

All versions of mumble 1.2.x and 1.3.0 snapshots prior to 2018-08-31 are 
affected.



--- End Message ---
--- Begin Message ---
Source: mumble
Source-Version: 1.3.0~git20190114.9fcc588+dfsg-1

We believe that the bug you reported is fixed in the latest version of
mumble, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 919...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher Knadle <chris.kna...@coredump.us> (supplier of updated mumble package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jan 2019 05:53:33 +0000
Source: mumble
Binary: mumble mumble-server
Architecture: source
Version: 1.3.0~git20190114.9fcc588+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Christopher Knadle <chris.kna...@coredump.us>
Changed-By: Christopher Knadle <chris.kna...@coredump.us>
Description:
 mumble     - Low latency encrypted VoIP client
 mumble-server - Low latency encrypted VoIP server
Closes: 874683 875058 915273 919249
Changes:
 mumble (1.3.0~git20190114.9fcc588+dfsg-1) unstable; urgency=medium
 .
   * New upstream git snapshot from 2019-01-14
     Fixes wishlist bug "mumble: please package a QT5 version of mumble"
     (Closes: #874683)
     Fixes "[mumble] Future Qt4 removal from Buster"
     (Closes: #875058)
     Thanks to Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org>
     for reporting the bug
     Fixes "mumble: sound glitches when starting mumble"
     (Closes: #915273)
     Thanks to Axel R. <at...@t-online.de> for reporting the bug
     Fixes security issue: instability and crash due to crafted message flooding
     Thanks to "The Zom.bi Community" for reporting the bug and fixing the bug
     upstream
     (Closes: #919249)
   * debian/control:
     - Update Build-Depends to use Qt5 dependencies
     - Remove Suggests: dbus package for mumble-server
     - Add Suggests: libqt5sql5-sqlite for mumble-server
     - Update Standards-Version to 4.3.0 (no changes needed)
   * debian/copyright:
     - Add Files-Excluded section to document files removed from the upstream
       tarball for DFSG compliance.  [The removals are for draft IETF documents
       for CELT, Opus, Speex codecs that have a restrictive license.]
     - Update Source link to https://dl.mumble.info
     - Remove Files: macx/overlay/* section (code removed upstream)
     - Update copyright year for files in debian/*
   * debian/extras:
     - Add make-mumble-git-tarball.sh and murmur.ini.system.diff for
       creating a tarball from the git repository to allow verifying the
       tarball used in the package
   * debian/mumble-server.examples:
     - Update for file move in new version
   * debian/NEWS:
     - Add entry to describe new Perfect Forward Secrecy SSL support,
       tarball repack, and tarball PGP check removal
   * debian/patches:
     - Remove 05-lsb-description.diff (incorporated upstream)
     - Update 07-use-embedded-celt-baseline.diff for Mumble 1.3
     - Remove 12-mumble-server-disable-dbus-and-ice.diff,
       Add 12-disable-ice-by-default.diff to disable Ice by default
     - Remove 17-change-pulseaudio-role.diff (incorporated upstream)
     - Remove 19-move-xlib-initializtion-earlier.diff (incorporated upstream)
     - Remove 27-prevent-flooding-.xsession-errors.diff (different fix
       incorporated upstream)
     - Remove 30-Remove-flawed-MX-host-existence-check.diff
       (incorporated upstream)
     - Update 35-add-dpkg-buildflags.diff for new upstream snapshot
     - Remove 38-fix-spelling-error.diff (incorporated upstream)
     - Remove 40-make-build-reproducible.diff (incorporated upstream)
     - Remove 43-initialize-SSL.diff (similar fix incorporated upstream)
     - Update 44-add-speechd-header.diff for new upstream snapshot
     - Update 46-var-run-to-run.diff for new upstream snapshot
     - Remove 48-systemd-workaround.diff (incorporated upstream)
     - Remove 50-zeroc-ice-lib-move.diff (similar fix incorporated upstream)
     - Remove 54-fix-boost-ftbfs.diff (incorporated upstream)
   * debian/rules:
     - Enable QT_SELECT=qt5 to force use of Qt5's qmake rather than Qt4's
     - Switch qmake-qt4 to qmake in override_dh_auto_configure section
     - Add CONFIG*=dpkg-buildflags in override_dh_auto_configure section
   * debian/upstream:
     - Remove signing-key.asc due to having to repack upstream tarball
       which will cause the PGP signature check to fail
   * debian/watch:
     - Comment out all lines for now, as the source of the tarball is
       via git export of 'master' with submodules via a script

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
