Accepted mumble 1.3.0~git20190125.440b173+dfsg-2+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 30 Apr 2021 22:24:25 +0000
Source: mumble
Architecture: source
Version: 1.3.0~git20190125.440b173+dfsg-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Christopher Knadle <Chris.Knadle@coredump.us>
Changed-By: Christopher Knadle <Chris.Knadle@coredump.us>
Closes: 982904
Changes:
mumble (1.3.0~git20190125.440b173+dfsg-2+deb10u1) buster; urgency=medium
.
* debian/patches:
- Add 67-only-http-https-URLs-in-Connect.diff to fix CVE-2021-27229
"Mumble before 1.3.4 allows remote code execution if a victim navigates
to a crafted URL on a server list and clicks on the Open Webpage text."
This patch only allows "http"/"https" URLs in ConnectDialog
(Closes: #982904)
Thanks to Salvatore Bonaccorso <carnil@debian.org> for reporting the bug
and giving links to the fix.
Checksums-Sha1:
ffddd841eaa581d3ec9ecb45cb8693f6fb55f2db 2467 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.dsc
b6056729de1a1e14b80243b58fb41e4d9545ef10 7011554 mumble_1.3.0~git20190125.440b173+dfsg.orig.tar.gz
7acb33ae42d7b12ff01c27721f4f3ed3634c873e 40008 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.debian.tar.xz
827de5e0137153b1e8aad54b53ce89e094d938bd 5415 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1_source.buildinfo
Checksums-Sha256:
8d22dc1c8fa14f0a5730f789b909c5edb58b878b7d1d2b4e83fe41020f07f483 2467 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.dsc
3340d7915f42b86c82a175d524d34b7b7f4523c2fe459f80913775f72480c944 7011554 mumble_1.3.0~git20190125.440b173+dfsg.orig.tar.gz
4cb7f22453386aaa02c163fc78b855213e2870e75e2e6a842b0ddc47445c4019 40008 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.debian.tar.xz
5f80e0a08c2c0b9f3e98ecde29dde2b772c537cf7c043b444d21aa5ec71e3fee 5415 mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1_source.buildinfo
Files:
7e6a7b879a3a8aa7377afd9c42872d38 2467 sound optional mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.dsc
086cef3df42034b2ff4951ed005cd8f5 7011554 sound optional mumble_1.3.0~git20190125.440b173+dfsg.orig.tar.gz
d3bba122e581243fbe245bbd87fccd05 40008 sound optional mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1.debian.tar.xz
032386ff98e553a535c32e2740833dbb 5415 sound optional mumble_1.3.0~git20190125.440b173+dfsg-2+deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEe1KzyGmRW/4DhtV6ieLKD9m6RHAFAmCMvuIACgkQieLKD9m6
RHDO+xAAqA/n5hpOsO2B7Fr+6CYaHtzgKFUytEWU2jNrhVBtthY00Zm/QXulalq5
yxCRgmgNlVYcXdisGfvZ1T3VLJef0Jv5tQgVvq9N+K8kmLpsfUE7kqWh1P+AN6Yf
3Ssyczt+5kTp2Bha2f9YkU677uSDEtqkMrXcPvuL7sTwjik3Rrz1MWeznZIzV9+7
qsFnpHisK0ggntCQv6Z10UfR5bcyNnZrWdjad0JahLfWUDFyTkTP2f57CiGgnQNa
7YncrNxMjd9azQeZEejXEHblbUXfmiA9CJNHsHbfm1fLRiEQXJ9SyFiB8baYED9U
fmTfY1NjyBu8M4E0DM8ARQhrWTMSMpcgLrlu2CEaT/Hl/OsVDEptnRYDzOA+SjjY
4mSDzOGheCOvauYdH3qfIpR6noHZx+r5pMMD++0PhStG/ELc4HZkD3vVyvWQdMj3
SJmxS+nwMZIiA462HZkFuDDhMoedYClhu2HAvv4siQ2zMNBeovd+T7xDCo7mr+13
axtUXxU1QL7PyvSQ9V+A5TT4w8mbkl1kU0kaqOBpEKraBHge4uGRNvfvb+P3aqLM
QuUhvCpEF18a7ks64Yj89on2n4E5rOlDgn8E8uPQ1Hmmslg00gcNRrIddzTks507
D5X0YKRVrwfVM3W01lkDGXflADF0SZTtgsz4S7jEEkNf7lK6ePk=
=s9kB
-----END PGP SIGNATURE-----