Mumble 1.2.3 and previous versions uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.
Debian Bug report logs -
mumble: Mumble database is world-readable
Maintainer for mumble is Christopher Knadle <ChrisKnadle@coredumpus>; Source for mumble is src:mumble (PTS, buildd, popcon)
Reported by: Marc Deslauriers <marcdeslauriers@ubuntucom>
Date: Tue, 7 Feb 2012 16:21:01 UTC