CVE-2019-1000029

NameCVE-2019-1000029
DescriptionDoS due to changing # of allowed users in root channel
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs920476

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mumble (PTS)jessie1.2.8-2fixed
jessie (security)1.2.8-2+deb8u1fixed
stretch (security), stretch1.2.18-1+deb9u1fixed
buster, bullseye1.3.0~git20190125.440b173+dfsg-2fixed
sid1.3.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mumblesource(unstable)1.3.0~git20190125.440b173+dfsg-1920476
mumblesourcejessie(not affected)
mumblesourcestretch(not affected)

Notes

[stretch] - mumble <not-affected> (Vulnerable code introduced later)
[jessie] - mumble <not-affected> (Vulnerable code introduced later)
https://github.com/mumble-voip/mumble/issues/3585
Introduced in: https://github.com/mumble-voip/mumble/commit/84b1bcecef790a84d10b2d1f2060c1681a2bb836
Fixed by: https://github.com/mumble-voip/mumble/commit/3edc46ff7308691d342f8c08ce1afaaefce35a5c

Search for package or bug name: Reporting problems