CVE-2012-0863
Published: 30 April 2012
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.
Priority
Status
Package | Release | Status |
---|---|---|
mumble Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(1.2.2-1ubuntu1.2)
|
|
maverick |
Released
(1.2.2-4ubuntu0.2)
|
|
natty |
Released
(1.2.3-1ubuntu6.1)
|
|
oneiric |
Released
(1.2.3-2ubuntu2.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e |