From secunia security advisory at $URL:
The security issue is caused due to the application creating a database file (~/.local/share/data/Mumble/Mumble/.mumble.sqlite) with insecure world-readable permissions. This can be exploited to disclose password and configuration settings.
The security issue is reported in version 1.2.3. Other versions may also be affected.
Fixed in the Git repository.
Thanks, fixed in mumble-1.2.3-r2. When starting up Mumble (-r2) it also automatically corrects the permissions of already existing files.
Arches please test and mark stable:
target keywords :"amd64 x86"
Thanks, everyone. GLSA Vote: yes.
Homedirs should be 700 anyways.