PT-2021-27327 · Mumble · Mumble
Published: 2021-02-16 · Updated: 2021-02-16
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
Mumble versions prior to 1.3.4
Description:
The issue is caused by the public server list accepting URLs with schemes other than http/https. It is fixed in version 1.3.4. Other fixes in that release include handling of invalid packet sizes, a race condition leading to loss of shortcuts, and a crash caused by problems when using PostgreSQL.
Recommendations:
For versions prior to 1.3.4, update to version 1.3.4 to fix the security vulnerability and other issues.
As a temporary workaround, consider restricting the use of non http/https URL schemes in the public server list until the update is applied.
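One way to enforce the http/https restriction described above, shown as an added example that is not Mumble's own code or its actual fix. The function names are hypothetical, and rejecting whitespace, control and non-ASCII bytes (so internationalized host names must already be in ASCII form) is an assumption of this sketch.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper (not Mumble's code): return the lowercased URL scheme,
// or an empty string if the input has no syntactically valid scheme.
// Grammar per RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
std::string url_scheme(const std::string &url) {
    const std::string::size_type colon = url.find(':');
    if (colon == std::string::npos || colon == 0) return "";
    std::string scheme;
    for (std::string::size_type i = 0; i < colon; ++i) {
        const unsigned char c = static_cast<unsigned char>(url[i]);
        const bool ok = std::isalpha(c) ||
            (i > 0 && (std::isdigit(c) || c == '+' || c == '-' || c == '.'));
        if (!ok) return "";
        scheme += static_cast<char>(std::tolower(c));
    }
    return scheme;
}

// Allowlist check for a URL taken from an untrusted server-list entry.
bool is_safe_server_list_url(const std::string &url) {
    // Reject whitespace, control and non-ASCII bytes outright instead of
    // stripping them, so the string checked is the string that gets opened.
    for (const char ch : url) {
        const unsigned char c = static_cast<unsigned char>(ch);
        if (c <= 0x20 || c >= 0x7f) return false;
    }
    const std::string scheme = url_scheme(url);  // comparison is case-insensitive
    if (scheme != "http" && scheme != "https") return false;
    // Require "//" followed by a non-empty authority after the scheme.
    const std::string rest = url.substr(scheme.size() + 1);
    if (rest.compare(0, 2, "//") != 0 || rest.size() < 3) return false;
    const char first = rest[2];
    return first != '/' && first != '?' && first != '#' && first != ':' && first != '@';
}

int main() {
    // Constructed sample entries, not taken from a real server list.
    const char *samples[] = {"https://mumble.example.org/about", "HTTP://example.org",
                             "file:///tmp/x", "ftp://example.org/", "https:example.org"};
    for (const char *s : samples)
        std::cout << (is_safe_server_list_url(s) ? "allow  " : "reject ") << s << '\n';
    return 0;
}
```

The check is an allowlist: any scheme that is not exactly http or https is refused, including inputs with no scheme at all.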
Affected Products
Mumble