Raphael Geissert | 1 Jul 04:18 2010
Picon

Bug#587713: mumble-server: DoS via malformed client queries

Package: mumble-server
Version: 1.2.2-2
Severity: grave
Tags: security

Hi,

The following vulnerability has been reported in mumble-server.

From [1]:
> Through a malformed type of data is possible to force the termination
> of the server due to an error in the SQL query (SQLite library).
> The attacker needs to join the server to exploit it.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry, if one is assigned by then.

There's no known patch at the moment and an exploit is linked by the advisory.

[1]http://aluigi.altervista.org/adv/mumbleed-adv.txt

Cheers,
--

-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
JOHN PROTIUS | 1 Jul 11:00 2010

HUMBLE BUSINESS ASSISTANCE

FROM: MR. JOHN PROTIUS
JOHANNESBURG SOUTH AFRICA
TEL: +27-83-987-0119
FAX: +27-86-585-0806
E-MAIL: protiusj <at> yahoo.com.hk
 
Please Kindly Open the Attachment to read the message.
_______________________________________________
Pkg-voip-maintainers mailing list
Pkg-voip-maintainers <at> lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-voip-maintainers
Debian Bug Tracking System | 1 Jul 13:39 2010
Picon

Processed: Re: Bug#587713: mumble-server: DoS via malformed client queries

Processing commands for control <at> bugs.debian.org:

> reassign #587713 libqt4-sql-sqlite
Bug #587713 [mumble-server] mumble-server: DoS via malformed client queries
Bug reassigned from package 'mumble-server' to 'libqt4-sql-sqlite'.
Bug No longer marked as found in versions mumble/1.2.2-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
587713: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587713
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Mikael Magnusson | 1 Jul 15:56 2010
Picon

Git repository

On Wed, 2010-06-23 at 00:17 +0200, Gabriele Giacone wrote:

> What about creating /git/pkg-voip group directory for git repos?
> 
> 
> Gabriele

I am also interested in a pkg-voip git repository for the YXA package.

/Mikael
Joe Dalton | 1 Jul 19:41 2010
Picon

Bug#587798: [INTL:da] Danish translation of the debconf templates mumble

Package: mumble
Severity: wishlist
Tags: l10n patch

Please include the attached Danish debconf translation

joe <at> joe-desktop:~/over/debian/mumble$ msgfmt --statistics -c -v -o /dev/null da.po
8 oversatte tekster.

bye
Joe

Attachment (da.po): text/x-gettext-translation, 3412 bytes
_______________________________________________
Pkg-voip-maintainers mailing list
Pkg-voip-maintainers <at> lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-voip-maintainers
Archive Administrator | 2 Jul 14:32 2010
Picon

asterisk-moh-opsound_2.03-1_amd64.changes ACCEPTED


Accepted:
asterisk-moh-opsound-g722_2.03-1_all.deb
  to main/a/asterisk-moh-opsound/asterisk-moh-opsound-g722_2.03-1_all.deb
asterisk-moh-opsound-gsm_2.03-1_all.deb
  to main/a/asterisk-moh-opsound/asterisk-moh-opsound-gsm_2.03-1_all.deb
asterisk-moh-opsound-wav_2.03-1_all.deb
  to main/a/asterisk-moh-opsound/asterisk-moh-opsound-wav_2.03-1_all.deb
asterisk-moh-opsound_2.03-1.debian.tar.gz
  to main/a/asterisk-moh-opsound/asterisk-moh-opsound_2.03-1.debian.tar.gz
asterisk-moh-opsound_2.03-1.dsc
  to main/a/asterisk-moh-opsound/asterisk-moh-opsound_2.03-1.dsc
asterisk-moh-opsound_2.03.orig.tar.gz
  to main/a/asterisk-moh-opsound/asterisk-moh-opsound_2.03.orig.tar.gz

Override entries for your package:
asterisk-moh-opsound-g722_2.03-1_all.deb - extra comm
asterisk-moh-opsound-gsm_2.03-1_all.deb - extra comm
asterisk-moh-opsound-wav_2.03-1_all.deb - extra comm
asterisk-moh-opsound_2.03-1.dsc - source comm

Announcing to debian-devel-changes <at> lists.debian.org
Closing bugs: 571167 

Thank you for your contribution to Debian.
Debian testing watch | 2 Jul 18:39 2010
Picon

opal 3.6.8~dfsg-2 MIGRATED to testing

FYI: The status of the opal source package
in Debian's testing distribution has changed.

  Previous version: 3.6.8~dfsg-1
  Current version:  3.6.8~dfsg-2

--

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See http://release.debian.org/testing-watch/ for more information.
Archive Administrator | 3 Jul 03:55 2010
Picon

Processing of gnugk_2.3.2-3-1_amd64.changes

gnugk_2.3.2-3-1_amd64.changes uploaded successfully to ftp-master.debian.org
along with the files:
  gnugk_2.3.2-3-1.dsc
  gnugk_2.3.2-3.orig.tar.gz
  gnugk_2.3.2-3-1.debian.tar.gz
  gnugk_2.3.2-3-1_amd64.deb

Greetings,

	Your Debian queue daemon (running on host ravel.debian.org)
Archive Administrator | 3 Jul 03:58 2010
Picon

Processing of gnugk_2.3.2-3-1_amd64.changes

gnugk_2.3.2-3-1_amd64.changes uploaded successfully to localhost
along with the files:
  gnugk_2.3.2-3-1.dsc
  gnugk_2.3.2-3.orig.tar.gz
  gnugk_2.3.2-3-1.debian.tar.gz
  gnugk_2.3.2-3-1_amd64.deb

Greetings,

	Your Debian queue daemon (running on host ries.debian.org)
Archive Administrator | 3 Jul 05:32 2010
Picon

gnugk_2.3.2-3-1_amd64.changes ACCEPTED


Accepted:
gnugk_2.3.2-3-1.debian.tar.gz
  to main/g/gnugk/gnugk_2.3.2-3-1.debian.tar.gz
gnugk_2.3.2-3-1.dsc
  to main/g/gnugk/gnugk_2.3.2-3-1.dsc
gnugk_2.3.2-3-1_amd64.deb
  to main/g/gnugk/gnugk_2.3.2-3-1_amd64.deb
gnugk_2.3.2-3.orig.tar.gz
  to main/g/gnugk/gnugk_2.3.2-3.orig.tar.gz

Override entries for your package:
gnugk_2.3.2-3-1.dsc - source comm
gnugk_2.3.2-3-1_amd64.deb - optional comm

Announcing to debian-devel-changes <at> lists.debian.org

Thank you for your contribution to Debian.

Gmane