From ${URL} :

The Mumble team has just released Mumble 1.2.6, which contains fixes for the two following vulnerabilities:

Mumble-SA-2014-005 [http://mumble.info/security/Mumble-SA-2014-005.txt] - SVG images with local file references could trigger client DoS

Mumble-SA-2014-006 [http://mumble.info/security/Mumble-SA-2014-006.txt] - The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
I've just committed Mumble (and murmur) 1.2.6 to CVS. Both can be stabilized right away since the only changes to 1.2.5 are the security fixes for the Mumble client and just the version number increment for the murmur server part.
(In reply to Timo Gurr from comment #1)
> I've just committed Mumble (and murmur) 1.2.6 to CVS. Both can be stabilized
> right away since the only changes to 1.2.5 are the security fixes for the
> Mumble client and just the version number increment for the murmur server
> part.

Thank you, Timo.

Arches, please test and mark stable:
=media-sound/mumble-1.2.6
Target KEYWORDS="amd64 x86"
amd64 stable
x86 stable.

Maintainer(s), please clean up.
Security, please vote.
Added to existing GLSA request.
+ 06 Jun 2014; Sergey Popov <pinkbyte@gentoo.org> -mumble-1.2.5.ebuild: + Security cleanup, wrt bug #510380
This issue was resolved and addressed in GLSA 201406-06 at http://security.gentoo.org/glsa/glsa-201406-06.xml by GLSA coordinator Sergey Popov (pinkbyte).