LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2012-8956 (mumble)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 16 Update: mumble-1.2.3-5.fc16.1 


Date:
    	      Tue, 19 Jun 2012 15:00:53 +0000


Message-ID:
    	      <20120619150054.D46DD20B19@bastion01.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8956
2012-06-07 01:38:47
--------------------------------------------------------------------------------

Name        : mumble
Product     : Fedora 16
Version     : 1.2.3
Release     : 5.fc16.1
URL         : http://mumble.sourceforge.net/
Summary     : Voice chat suite aimed at gamers
Description :
Mumble provides low-latency, high-quality voice communication for gamers.
It includes game linking, so voice from other players comes
from the direction of their characters, and has echo
cancellation so that the sound from your loudspeakers
won't be audible to other players.

--------------------------------------------------------------------------------
Update Information:

This update fixes a number of startup problems of the mumble server murmur.

Additionally it contains a fix for CVE-2012-0863 (insecure world-readable permissions on database
file) of the mumble client.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 31 2012 Christian Krause <chkr@fedoraproject.org> - 1.2.3-5.1
- Fix startup issues of murmurd (BZ 711711, BZ 771423)
- Fix directory ownership of %{_libdir}/mumble and %{_datadir}/mumble*
  (BZ 744886)
- Add upstream patch for CVE-2012-0863 (BZ 791058)
- Fix broken logrotate config file (BZ 730129)
- Add dependency for qt4-sqlite (BZ 660221)
- Remove /sbin/ldconfig from %post(un) since mumble does not
  contain any libraries in %{_libdir}
- Some minor cleanup
* Thu Nov 10 2011 Andreas Osowski <th0br0@mkdir.name> - 1.2.3-5
- Updated Ice version in patch0
- Added new patch to build against celt071 includes thanks to Florent Le Coz
* Thu Nov 10 2011 Andreas Osowski <th0br0@mkdir.name> - 1.2.3-4
- rebuilt for protobuf update
* Mon Sep 12 2011 Andreas Osowski <th0br0@mkdir.name> - 1.2.3-3
- Rebuild for newer protobuf
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #791000 - CVE-2012-0863 mumble: insecure world-readable permissions on database file
        https://bugzilla.redhat.com/show_bug.cgi?id=791000
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mumble' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds