Bug#453283: CVE-2007-6061: possible symlink attack
Package: audacity
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE[0] has been issued against audacity.
CVE-2007-6061:
Audacity 1.3.2 creates a temporary directory with a predictable name
without checking for previous existence of that directory, which allows
local users to cause a denial of service (recording deadlock) by
creating the directory before Audacity is run. NOTE: this issue can be
leveraged to delete arbitrary files or directories via a symlink attack.
Please mention the CVE id in your changelog, when you fix this bug.
Thanks for your efforts.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6061
Reply to: