Red Hat Bugzilla – Bug 436260
CVE-2007-6061: insecure tmpfile handling
Last modified: 2008-05-13 17:06:07 EDT
Description of problem:
Viktor Griph reported that the "AudacityApp::OnInit()" method in file
src/AudacityApp.cpp does not handle temporary files properly.
A local attacker could exploit this vulnerability to conduct symlink attacks to
delete arbitrary files and directories with the privileges of the user running
Here is a patch from Gentoo fixing this:
Note the date of the CVE.
Also known upstream and came up again just recently:
Users with security concerns can set a different tmp path in
the Audacity preferences.
The Gentoo patch (linked by me on audacity-devel yesterday) is
controversial for several reasons.
Already tracked via bug #393251
Final Freeze is in effect now. Security fixes almost certainly warrant a freeze
break, so in case you build a fix for this, mail release engineering as
described here: 
Any idea when this will be fixed in Fedora?
Created attachment 304395
Would this be sufficient?
Upstream accepted this patch.
Fixed in upstream 1.3.5:
* Full fix for issue CVE-2007-6061 on systems where temporary directories can be
changed by other users (thanks to Michael Schwendt).
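
The bug class discussed in this report (a program that trusts and cleans a predictable temporary directory that another local user may have replaced with a symlink) can be guarded against as in the following added example. It is not Audacity's code, the Gentoo patch, or the attachment from this bug; the function names, the `/tmp/example-<uid>` path and the file names are assumptions made for illustration.

```cpp
// Added illustration, not Audacity code; all names here are hypothetical.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Create (if missing) and open a per-user temp directory.
// Returns a directory fd, or -1 when the path must not be trusted.
int open_private_dir(const std::string &path) {
    if (mkdir(path.c_str(), 0700) != 0 && errno != EEXIST)
        return -1;
    // O_NOFOLLOW: fail if the last path component is a symlink.
    int fd = open(path.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    // fstat() on the fd describes the object actually opened, not the name.
    bool ok = fstat(fd, &st) == 0 &&
              S_ISDIR(st.st_mode) &&
              st.st_uid == geteuid() &&                    // owned by us
              (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;     // not writable by others
    if (!ok) {
        close(fd);
        return -1;
    }
    return fd;
}

// Delete a stale file relative to the verified fd, so that swapping the
// path name after the check cannot redirect the delete elsewhere.
bool remove_stale_file(int dirfd, const std::string &name) {
    if (name.empty() || name.find('/') != std::string::npos)
        return false;                                      // plain file names only
    return unlinkat(dirfd, name.c_str(), 0) == 0;
}

int main() {
    std::string dir = "/tmp/example-" + std::to_string(geteuid());
    int fd = open_private_dir(dir);
    if (fd < 0) {
        std::fprintf(stderr, "refusing to use %s\n", dir.c_str());
        return 1;
    }
    close(fd);
    return 0;
}
```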