CVE 2007-6061
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
Related bugs and status
CVE-2007-6061 (Candidate) is related to these bugs:
Bug #173153: [CVE-2007-6061] Denial of service and deletion of an arbitrary directory tree via symlink attack
Bug #179861: Please merge audacity 1.3.4-1 from Debian unstable
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
179861 | Please merge audacity 1.3.4-1 from Debian unstable | audacity (Ubuntu) | Undecided | Fix Released |
Bug #276043: Please add a prefix option for the filenames in Export Multiple
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
276043 | Please add a prefix option for the filenames in Export Multiple | audacity (Ubuntu) | Wishlist | Fix Released |
Bug #292168: audacity shouldn't ask which language to use
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
292168 | audacity shouldn't ask which language to use | audacity (Ubuntu) | Wishlist | Fix Released | ||
292168 | audacity shouldn't ask which language to use | audacity (Debian) | Unknown | Fix Released |
Bug #1991252: FFe: Sync audacity 3.2.0+dfsg-1 (universe) from Debian unstable (main)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1991252 | FFe: Sync audacity 3.2.0+dfsg-1 (universe) from Debian unstable (main) | audacity (Ubuntu) | Wishlist | Fix Released |
See the
CVE page on Mitre.org
for more details.