Bug 393251 (CVE-2007-6061)
Summary: | CVE-2007-6061 Audacity insecure temporary file handling | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Red Hat Product Security <security-response-team> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | gemi, helpdesk-rnd |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.gentoo.org/show_bug.cgi?id=199751 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-07-25 10:18:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 436260 | ||
Bug Blocks: |
Description
Lubomir Kundrak
2007-11-20 21:59:26 UTC
s/Anaconda/Audacity/ CVE identifier for this issue was requested. Gentoo has released a security advisory to address this flaw: http://www.gentoo.org/security/en/glsa/glsa-200803-03.xml Here is the patch used by Gentoo: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/audacity/files/CVE-2007-6061.patch Upstream discussion related to Gentoo patch: http://sourceforge.net/mailarchive/forum.php?thread_name=733f2c730803040303o679d28eeg224689218544d232%40mail.gmail.com&forum_name=audacity-devel Any idea, as to when this will be fixed in fedora? audacity-1.3.2-21.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. audacity-1.3.2-21.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. Auto-closing this failed due to a bug in bodhi. opening, shouldn't be autoclosed as this is the bug we use for tracing audacity across all red hat products and services, not just Fedora. This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3456 Reporter changed to security-response-team by request of Jay Turner. |