This bug was fixed in the package mumble - 1.1.3-0ubuntu2.1
---
mumble (1.1.3-0ubuntu2.1) hardy-security; urgency=low
* SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
- debian/mumble-server.postinst: Set permissions of mumble-server.ini to
0640 an
This bug was fixed in the package mumble - 1.1.8-3ubuntu0.1
---
mumble (1.1.8-3ubuntu0.1) karmic-security; urgency=low
* SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
- debian/mumble-server.postinst: Set permissions of mumble-server.ini to
0640 a
This bug was fixed in the package mumble - 1.2.2-1ubuntu1.1
---
mumble (1.2.2-1ubuntu1.1) lucid-security; urgency=low
* SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
- debian/mumble-server.postinst: Set permissions of mumble-server.ini to
0640 an
This bug was fixed in the package mumble - 1.2.2-4ubuntu0.1
---
mumble (1.2.2-4ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
- debian/mumble-server.postinst: Set permissions of mumble-server.ini to
0640
Uploaded hardy-maverick to the security PPA. Thanks for the patches!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/704674
Title:
mumble-server creates world readable config file
--
ubuntu-bugs mai
ACK to hardy-maverick.
** Changed in: mumble (Ubuntu Lucid)
Status: Triaged => Fix Committed
** Changed in: mumble (Ubuntu Maverick)
Status: Triaged => Fix Committed
** Changed in: mumble (Ubuntu Hardy)
Status: Triaged => Fix Committed
** Changed in: mumble (Ubuntu Karmic)
** Changed in: mumble (Ubuntu Lucid)
Status: New => Triaged
** Changed in: mumble (Ubuntu Maverick)
Status: New => Triaged
** Changed in: mumble (Ubuntu Hardy)
Status: New => Triaged
** Changed in: mumble (Ubuntu Karmic)
Status: New => Triaged
** Changed in: mumble (Debian)
Status: Unknown => Fix Released
debdiff for hardy
** Patch added: "mumble_1.1.3-0ubuntu2.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/704674/+attachment/1800497/+files/mumble_1.1.3-0ubuntu2.1.debdiff
debdiff for karmic
** Patch added: "mumble_1.1.8-3ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/704674/+attachment/1800471/+files/mumble_1.1.8-3ubuntu0.1.debdiff
debdiff for lucid
** Patch added: "mumble_1.2.2-1ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/704674/+attachment/1800470/+files/mumble_1.2.2-1ubuntu1.1.debdiff
I've fixed the debdiff for maverick.
The "|| true" error catch shouldn't be necessary.
** Patch added: "mumble_1.2.2-4ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/704674/+attachment/1800468/+files/mumble_1.2.2-4ubuntu0.1.debdiff
** Changed in: mumble (Ubuntu Maveri
Unsubscribing ubuntu-security-sponsors. Please resubscribe ubuntu-
security-sponsors and set the status to 'NEW' when the changes are
complete. Thanks!
Thanks for the debdiff!
It is possible that /etc/mumble-server.ini will not be present on
upgrades, in which case postinst would fail. Please verify that the file
exists by doing something like this instead:
    if [ -f /etc/mumble-server.ini ]; then
        chmod 0640 /etc/mumble-server.ini || true
    fi
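The failure mode raised in the review above (a bare chmod aborting postinst when the file is absent) and the guarded form, as an added example that is not part of the original message or of the mumble packaging. The helper names `is_world_readable`, `unguarded_aborts` and `harden_conf` are hypothetical, and the path is passed as an argument so the logic runs on a scratch file instead of /etc/mumble-server.ini.

```shell
#!/bin/sh
# Added example; helper names are hypothetical and the path is an argument
# so the logic runs on a scratch file rather than /etc/mumble-server.ini.

# True when the "other" read bit is set on the file (mode bits only).
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Returns 0 when a bare chmod on a missing file aborts a `set -e` script,
# which is how maintainer scripts such as postinst normally run.
unguarded_aborts() {
    if sh -c 'set -e; chmod 0640 "$1" 2>/dev/null; exit 0' sh "$1"; then
        return 1
    fi
    return 0
}

# Guarded form: skip silently when the config is absent, otherwise
# tighten it to 0640 and let a real chmod failure propagate.
harden_conf() {
    [ -f "$1" ] || return 0
    chmod 0640 "$1"
}

# Constructed demo on a scratch directory.
scratch=$(mktemp -d)
printf 'constructed=sample\n' > "$scratch/server.ini"
chmod 0644 "$scratch/server.ini"
harden_conf "$scratch/server.ini"
harden_conf "$scratch/absent.ini"
is_world_readable "$scratch/server.ini" || echo "no longer world readable"
rm -rf "$scratch"
```

With the existence test in place, a chmod failure can only come from a file that is present, so it is reported instead of being masked.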
Patrick,
Definitely it's not an earth-shattering vulnerability, but the Ubuntu process
for USNs isn't any more difficult to go through than the SRU process (need the
debdiff to be tested and commented as tested on the bug report).
John
On Jan 19, 2011, at 1:31 PM, Patrick Matthäi wrote:
> A
** Also affects: mumble (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: mumble (Ubuntu Karmic)
Importance: Undecided
Status: New
Alright, attached is a debdiff targeting maverick-security.
If this one is fine, I'll prepare packages for the other series.
I have tested that it correctly sets the permissions for new installs and
upgrades.
** Patch added: "mumble_1.2.2-4ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/
** This bug has been flagged as a security vulnerability
After talking it over with Kees Cook, I think it's best to handle this
bug as a security update and go through the Ubuntu Security Team rather
than SRU.
IMO this borders on being a security vulnerability. The patch of course
is good, but I'm hesitant on whether or not this should be handled as a
USN so that affected administrators can be aware of potential sensitive
information leakage.
Uploaded a fix to lucid-proposed and maverick-proposed, waiting for
approval.
** Changed in: mumble (Ubuntu Lucid)
Status: In Progress => Triaged
** Changed in: mumble (Ubuntu Lucid)
Assignee: Felix Geyer (debfx) => (unassigned)
** Changed in: mumble (Ubuntu Maverick)
Status:
** Changed in: mumble (Ubuntu Lucid)
Status: New => In Progress
** Changed in: mumble (Ubuntu Lucid)
Assignee: (unassigned) => Felix Geyer (debfx)
Already fixed in natty (mumble 1.2.2-6).
** Changed in: mumble (Ubuntu)
Importance: Undecided => High
** Changed in: mumble (Ubuntu)
Status: New => Fix Released
** Also affects: mumble (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: mumble (Ubuntu Maverick)