Hi, On Mon, Jan 14, 2019 at 04:53:14AM +0000, Chris Knadle wrote: > Package: mumble > Version: 1.2.19-3 > Severity: important > Tags: security fixed-upstream fixed-in-experimental > > > It is currently possible to cause mumble-server to freeze and/or crash by > sending specifically it crafted commands, leading to a denial of service. > The server usually automatically recovers, however it has been reported that > in some instances it can take up to an hour after the attack has ended. > The attack can be done remotely and does not need special permissions. > > All versions of mumble 1.2.x and 1.3.0 snapshots prior to 2018-08-31 are > affected.
This issue has been assigned CVE-2018-20743. Regards, Salvatore