CVE 2007-6061
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
Related bugs and status
CVE-2007-6061 (Candidate) is related to these bugs:
Bug #173153: [CVE-2007-6061] Denial of service and deletion of an arbitrary directory tree via symlink attack
Bug #179861: Please merge audacity 1.3.4-1 from Debian unstable
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 179861 | Please merge audacity 1.3.4-1 from Debian unstable | audacity (Ubuntu) | Undecided | Fix Released | ||
Bug #276043: Please add a prefix option for the filenames in Export Multiple
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 276043 | Please add a prefix option for the filenames in Export Multiple | audacity (Ubuntu) | Wishlist | Fix Released | ||
Bug #292168: audacity shouldn't ask which language to use
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 292168 | audacity shouldn't ask which language to use | audacity (Ubuntu) | Wishlist | Fix Released | ||
| 292168 | audacity shouldn't ask which language to use | audacity (Debian) | Unknown | Fix Released | ||
Bug #1991252: FFe: Sync audacity 3.2.0+dfsg-1 (universe) from Debian unstable (main)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1991252 | FFe: Sync audacity 3.2.0+dfsg-1 (universe) from Debian unstable (main) | audacity (Ubuntu) | Wishlist | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
