[SECURITY] Fedora 7 Update: audacity-1.3.2-21.fc7

updates at fedoraproject.org updates at fedoraproject.org
Sat May 10 13:56:21 UTC 2008 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-3511
2008-05-09 22:25:48
--------------------------------------------------------------------------------

Name        : audacity
Product     : Fedora 7
Version     : 1.3.2
Release     : 21.fc7
URL         : http://audacity.sourceforge.net
Summary     : A multitrack audio editor
Description :
Audacity is a cross-platform multitrack audio editor. It allows you to
record sounds directly or to import Ogg, WAV, AIFF, AU, IRCAM, or MP3
files. It features a few simple effects, all of the editing features
you should need, and unlimited undo. The GUI was built with wxWindows
and the audio I/O currently uses OSS under Linux. Audacity runs on
Linux/*BSD, MacOS, and Windows.

--------------------------------------------------------------------------------
Update Information:

A local attacker could exploit Audacity's insecure handling of the directory for
temporary files to conduct symlink attacks in order to delete arbitrary files
and directories with the privileges of the user running Audacity.
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-21
- check ownership of temporary files directory (#436260) (CVE-2007-6061)
* Fri Mar 21 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-20
- make soundtouch and allegro build with RPM optflags
* Sun Feb 10 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-19
- rawhide: patch for JACK 0.109.0 API changes (jack_port_lock/unlock removal).
- rebuilt for GCC 4.3 as requested by Fedora Release Engineering
- subst _libdir in ladspa plugin loader
* Thu Jan  3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-18
- Patch for GCC 4.3.0 C++.
* Fri Nov 16 2007 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-17
- rebuilt for FLAC 1.1.4 -> 1.2.x upgrade, which broke FLAC import
* Tue Aug 28 2007 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-16
- rebuilt for new expat (#195888)
* Tue Aug 21 2007 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-15
- rebuild per request on fedora-devel-list
- clarify licence (GPLv2)
* Mon Mar  5 2007 Michael Schwendt <mschwendt at fedoraproject.org>
- add umask 022 to scriptlets
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #393251 - CVE-2007-6061 Audacity insecure temporary file handling
        https://bugzilla.redhat.com/show_bug.cgi?id=393251
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update audacity' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list