On Thursday, May 15, 2014 08:55:05 Salvatore Bonaccorso wrote: > Source: mumble > Severity: important > Tags: security upstream fixed-upstream > > Hi > > There are two mumble security advisories released, see details in [1] > and [2]. CVEs were already assigned for these issues[3]. When you fix > the package, could you please reference these in your changelog?
Will do. Unfortunately the available Mumble-SA-2014-006.patch for CVE-2014-3756 will not apply to 1.2.3-349-g315b5f5 in Wheezy and will require backporting to fix. I've reported this to Mumble upstream. I'm currently working on a release of mumble-1.2.6 for Unstable. > [1] http://mumble.info/security/Mumble-SA-2014-005.txt > [2] http://mumble.info/security/Mumble-SA-2014-006.txt > [3] http://www.openwall.com/lists/oss-security/2014/05/15/4 > > Regards, > Salvatore -- Chris -- Chris Knadle chris.kna...@coredump.us -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org