PublicDateAtUSN: 2021-02-16 04:15:00 UTC
Candidate: CVE-2021-27229
PublicDate: 2021-02-16 04:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27229
 https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
 https://github.com/mumble-voip/mumble/pull/4733
 https://github.com/mumble-voip/mumble/compare/1.3.3...1.3.4
 https://ubuntu.com/security/notices/USN-5195-1
Description:
 Mumble before 1.3.4 allows remote code execution if a victim navigates to a
 crafted URL on a server list and clicks on the Open Webpage text.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982904
Priority: medium
Discovered-by:
Assigned-to: sespiros
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_mumble:
upstream_mumble: released (1.3.4)
precise/esm_mumble: DNE
trusty_mumble: ignored (out of standard support)
trusty/esm_mumble: DNE
xenial_mumble: ignored (end of standard support, was needed)
bionic_mumble: released (1.2.19-1ubuntu1.1)
focal_mumble: released (1.3.0+dfsg-1ubuntu0.1)
groovy_mumble: ignored (reached end-of-life)
hirsute_mumble: released (1.3.4-1)
impish_mumble: released (1.3.4-1)
jammy_mumble: released (1.3.4-1)
devel_mumble: released (1.3.4-1)