Package: audacity Severity: grave Tags: security Justification: user security hole
Hi The following CVE[0] has been issued against audacity. CVE-2007-6061: Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. Please mention the CVE id in your changelog, when you fix this bug. Thanks for your efforts. Cheers Steffen [0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6061 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
