[SECURITY] Fedora 15 Update: mumble-1.2.3-4.fc15.1

updates at fedoraproject.org updates at fedoraproject.org
Tue Jun 19 15:03:33 UTC 2012 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8960
2012-06-07 01:39:03
--------------------------------------------------------------------------------

Name        : mumble
Product     : Fedora 15
Version     : 1.2.3
Release     : 4.fc15.1
URL         : http://mumble.sourceforge.net/
Summary     : Voice chat suite aimed at gamers
Description :
Mumble provides low-latency, high-quality voice communication for gamers.
It includes game linking, so voice from other players comes
from the direction of their characters, and has echo
cancellation so that the sound from your loudspeakers
won't be audible to other players.

--------------------------------------------------------------------------------
Update Information:

This update fixes a number of startup problems of the mumble server murmur.

Additionally it contains a fix for CVE-2012-0863 (insecure world-readable permissions on database file) of the mumble client.
Rebuild for newer protobuf
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 31 2012 Christian Krause <chkr at fedoraproject.org> - 1.2.3-4.1
- Fix startup issues of murmurd (BZ 711711, BZ 771423)
- Fix directory ownership of %{_libdir}/mumble and %{_datadir}/mumble*
  (BZ 744886)
- Add upstream patch for CVE-2012-0863 (BZ 791058)
- Fix broken logrotate config file (BZ 730129)
- Add dependency for qt4-sqlite (BZ 660221)
- Remove /sbin/ldconfig from %post(un) since mumble does not
  contain any libraries in %{_libdir}
- Some minor cleanup
* Mon Sep 12 2011 Andreas Osowski <th0br0 at mkdir.name> - 1.2.3-4
- Rebuild for updated protobuf
* Mon Jun 20 2011 Andreas Osowski <th0br0 at mkdir.name> - 1.2.3-3
- Rebuild for updated protobuf
* Tue May 17 2011 Andreas Osowski <th0br0 at mkdir.name> - 1.2.3-2
- Added celt071 functionality
- Fixed the qmake args
* Wed Mar 30 2011 Andreas Osowski <th0br0 at mkdir.name> - 1.2.3-1
- Update to 1.2.3
- Fixes vulnerability #610845
- Added patch to make it compile with Ice 3.4.0
- Added tmpfile.d config file for murmur
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #791000 - CVE-2012-0863 mumble: insecure world-readable permissions on database file
        https://bugzilla.redhat.com/show_bug.cgi?id=791000
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mumble' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list