Update Info


Security update for mumble

Type: security
Severity: moderate
Issued: 2020-09-16
This update for mumble fixes the following issues:

mumble was updated 1.3.2:

* client: Fixed overlay not starting

Update to upstream version 1.3.1

- Security
  * Fixed: Potential exploit in the OCB2 encryption (#4227)


  * Fixed: Added missing UserKDFIterations field to UserInfo =>
    Prevents getRegistration() from failing with enumerator
    out of range error (#3835)


  * Fixed: Segmentation fault during murmur shutdown (#3938)

- Client

  * Fixed: Crash when using multiple monitors (#3756)
  * Fixed: Don't send empty message from clipboard via shortcut,
    if clipboard is empty (#3864)
  * Fixed: Talking indicator being able to freeze to indicate talking
    when self-muted (#4006)
  * Fixed: High CPU usage for update-check if update server not
    available (#4019)
  * Fixed: DBus getCurrentUrl returning empty string when not in
    root-channel (#4029)
  * Fixed: Small parts of whispering leaking out (#4051)
  * Fixed: Last audio frame of normal talking is sent to last
    whisper target (#4050)
  * Fixed: LAN-icon not found in ConnectDialog (#4058)
  * Improved: Set maximal vertical size for User Volume Adjustment
    dialog (#3801)
  * Improved: Don't send empty data to PulseAudio (#3316)
  * Improved: Use the SRV resolved port for UDP connections (#3820)
  * Improved: Manual Plugin UI (#3919)
  * Improved: Don't start Jack server by default (#3990)
  * Improved: Overlay doesn't hook into all other processes by
    default (#4041)
  * Improved: Wait longer before disconnecting from a server due
    to unanswered Ping-messages (#4123)

- Server

  * Fixed: Possibility to circumvent max user-count
    in channel (#3880)
  * Fixed: Rate-limit implementation susceptible to
    time-underflow (#4004)
  * Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
  * Fixed: VersionCheck for SQL for when to use the
    WAL feature (#4163)
  * Fixed: Wrong database encoding that could lead
    to server-crash (#4220)
  * Fixed: DB crash due to primary key violation
    (now performs "UPSERT" to avoid this) (#4105)
  * Improved: The fields in the Version ProtoBuf message are
    now size-restricted (#4101)

- use the "profile profilename /path/to/binary" syntax to make
  "ps aufxZ" more readable

This update was imported from the openSUSE:Leap:15.1:Update update project.



  • mumble-1.3.2-bp152.2.3.1