From Mageia wiki
MGASA-2012-0247
Date: | August 30th, 2012 |
Affected releases: | 1 |
Description:
Updated mumble packages fix security vulnerability:
Mumble 1.2.3 and earlier uses world-readable permissions for
.local/share/data/Mumble/.mumble.sqlite files in home directories,
which might allow local users to obtain a cleartext password and
configuration data by reading a file (CVE-2012-0863).
Additionally, ICE support has been enabled.
Updated Packages:
mumble-1.2.3-1.3.mga1
mumble-11x-1.2.3-1.3.mga1
mumble-plugins-1.2.3-1.3.mga1
mumble-protocol-kde4-1.2.3-1.3.mga1
mumble-server-1.2.3-1.3.mga1
mumble-server-web-1.2.3-1.3.mga1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0863
http://www.debian.org/security/2012/dsa-2411
https://bugs.mageia.org/show_bug.cgi?id=6511