Description of problem:
Viktor Griph reported that the "AudacityApp::OnInit()" method in file src/AudacityApp.cpp does not handle temporary files properly. A local attacker could exploit this vulnerability to conduct symlink attacks to delete arbitrary files and directories with the privileges of the user running Audacity.
Here is a patch from Gentoo fixing this:
http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/media-sound/audacity/files/CVE-2007-6061.patch?rev=1.1
Note the date of the CVE. Also known upstream and came up again just recently:
http://sourceforge.net/mailarchive/forum.php?thread_name=733f2c730803040303o679d28eeg224689218544d232%40mail.gmail.com&forum_name=audacity-devel
Users with security concerns can set a different tmp path in the Audacity preferences. The Gentoo patch (linked by me on audacity-devel yesterday) is controversial for several reasons.
Already tracked via bug #393251
Final Freeze is in effect now. Security fixes almost certainly warrant a freeze break, so in case you build a fix for this, mail release engineering as described here: [2]
[1] https://www.redhat.com/archives/fedora-devel-announce/2008-April/msg00007.html
[2] http://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy
Thanks!
Any idea when this will be fixed in Fedora?
Created attachment 304395: proposed patch
Would this be sufficient?
Upstream accepted this patch.
Fixed in upstream 1.3.5:
http://audacity.sourceforge.net/download/features-1.3-a
Security
* Full fix for issue CVE-2007-6061 on systems where temporary directories can be changed by other users (thanks to Michael Schwendt).
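The kind of check this bug calls for, shown as an added example: it is not part of the thread, and it is not the Gentoo patch, attachment 304395 or upstream's code. It assumes a POSIX system; the function names and the scratch paths under /tmp are hypothetical. Before anything in a temp directory is cleaned up, the directory must be a real directory (not a symlink), owned by the calling user, and closed to group and others.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Audacity code): 0 if `path` can be trusted as a
 * private temp directory whose contents may be deleted, -1 otherwise. */
int temp_dir_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)              /* lstat: never follow a symlink */
        return -1;
    if (!S_ISDIR(st.st_mode))               /* symlink, regular file, ... */
        return -1;
    if (st.st_uid != geteuid())             /* planted by another user */
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))   /* others can alter its entries */
        return -1;
    return 0;
}

/* Create the directory with mode 0700 if it is missing, then validate it.
 * mkdir() does not follow a symlink at `path`; it fails with EEXIST. */
int prepare_temp_dir(const char *path)
{
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    return temp_dir_is_private(path);
}

/* Constructed self-check in a scratch directory: returns 1 when a fresh
 * directory is accepted and a symlink and a 0777 directory are rejected. */
int demo(void)
{
    char base[] = "/tmp/tmpdir-demo-XXXXXX", good[64], lnk[64], open_[64];
    if (!mkdtemp(base))
        return -1;
    snprintf(good, sizeof good, "%s/good", base);
    snprintf(lnk, sizeof lnk, "%s/link", base);
    snprintf(open_, sizeof open_, "%s/open", base);
    int ok = prepare_temp_dir(good) == 0;
    ok &= symlink(good, lnk) == 0 && prepare_temp_dir(lnk) == -1;
    ok &= mkdir(open_, 0700) == 0 && chmod(open_, 0777) == 0
          && prepare_temp_dir(open_) == -1;
    unlink(lnk); rmdir(open_); rmdir(good); rmdir(base);
    return ok;
}
```

A cleanup routine would call `prepare_temp_dir()` first and skip deletion entirely when it returns -1.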