-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-3511 2008-05-09 22:25:48 --------------------------------------------------------------------------------
Name : audacity Product : Fedora 7 Version : 1.3.2 Release : 21.fc7 URL : http://audacity.sourceforge.net Summary : A multitrack audio editor Description : Audacity is a cross-platform multitrack audio editor. It allows you to record sounds directly or to import Ogg, WAV, AIFF, AU, IRCAM, or MP3 files. It features a few simple effects, all of the editing features you should need, and unlimited undo. The GUI was built with wxWindows and the audio I/O currently uses OSS under Linux. Audacity runs on Linux/*BSD, MacOS, and Windows.
-------------------------------------------------------------------------------- Update Information:
A local attacker could exploit Audacity's insecure handling of the directory for temporary files to conduct symlink attacks in order to delete arbitrary files and directories with the privileges of the user running Audacity. -------------------------------------------------------------------------------- ChangeLog:
* Sat May 3 2008 Michael Schwendt mschwendt@fedoraproject.org - 1.3.2-21 - check ownership of temporary files directory (#436260) (CVE-2007-6061) * Fri Mar 21 2008 Michael Schwendt mschwendt@fedoraproject.org - 1.3.2-20 - make soundtouch and allegro build with RPM optflags * Sun Feb 10 2008 Michael Schwendt mschwendt@fedoraproject.org - 1.3.2-19 - rawhide: patch for JACK 0.109.0 API changes (jack_port_lock/unlock removal). - rebuilt for GCC 4.3 as requested by Fedora Release Engineering - subst _libdir in ladspa plugin loader * Thu Jan 3 2008 Michael Schwendt mschwendt@fedoraproject.org - 1.3.2-18 - Patch for GCC 4.3.0 C++. * Fri Nov 16 2007 Michael Schwendt mschwendt@fedoraproject.org - 1.3.2-17 - rebuilt for FLAC 1.1.4 -> 1.2.x upgrade, which broke FLAC import * Tue Aug 28 2007 Michael Schwendt mschwendt@fedoraproject.org - 1.3.2-16 - rebuilt for new expat (#195888) * Tue Aug 21 2007 Michael Schwendt mschwendt@fedoraproject.org - 1.3.2-15 - rebuild per request on fedora-devel-list - clarify licence (GPLv2) * Mon Mar 5 2007 Michael Schwendt mschwendt@fedoraproject.org - add umask 022 to scriptlets -------------------------------------------------------------------------------- References:
[ 1 ] Bug #393251 - CVE-2007-6061 Audacity insecure temporary file handling https://bugzilla.redhat.com/show_bug.cgi?id=393251 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update audacity' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org