Mumble has been updated to fix two security issues, as detailed in this announcement: http://blog.mumble.info/mumble-1-2-5/

Reproducible: Always
wrangling in progress, please wait
Mumble-SA-2014-001 [sig] (CVE-2014-0044) – A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access.

Mumble-SA-2014-002 [sig] (CVE-2014-0045) – A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow.
Actually, I'm not sure if "heap-based buffer overflow" means possible remote code execution.
Let's call it B3 for now, we can bump it up if the CVE indicates possible AcE. Heap-based buffer overflows sometimes are AcE, sometimes just DoS.
*** This bug has been marked as a duplicate of bug 500486 ***