[Bug 704674] Re: mumble-server creates world readable config file

John Dong jdong at johndong.com
Wed Jan 19 19:58:18 UTC 2011


Patrick,


Definitely it's not an earth-shattering vulnerability, but the Ubuntu process for USNs isn't any more difficult to go through than the SRU process (need the debdiff to be tested and commented as tested on the bug report).

John


On Jan 19, 2011, at 1:31 PM, Patrick Matthäi wrote:

> Am 19.01.2011 18:58, schrieb John Dong:
>> After talking it over with Kees Cook, I think it's best to handle this
>> bug as a security update and go through the Ubuntu Security Team rather
>> than SRU.
>> 
> 
> Hello,
> 
> I already asked the Debian Security Team how I should handle this. In
> their opinion it is nothing for a DSA, but it is fixed with our next
> point release.
> 
> -- 
> /*
> Mit freundlichem Gruß / With kind regards,
> Patrick Matthäi
> GNU/Linux Debian Developer
> 
> E-Mail: pmatthaei at debian.org
>        patrick at linux-dev.org
> 
> Comment:
> Always if we think we are right,
> we were maybe wrong.
> */
>

-- 
You received this bug notification because you are a member of Debian
VoIP Team, which is subscribed to mumble in ubuntu.
https://bugs.launchpad.net/bugs/704674

Title:
  mumble-server creates world readable config file



More information about the Pkg-voip-maintainers mailing list