** Changed in: audacity (Gentoo Linux)
Importance: Unknown = Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/173153
Title:
[CVE-2007-6061] Denial of service and deletion of an arbitrary
** Changed in: audacity (Ubuntu Edgy)
Status: Fix Committed = Fix Released
--
[CVE-2007-6061] Denial of service and deletion of an arbitrary directory tree
via symlink attack
https://bugs.launchpad.net/bugs/173153
** Changed in: audacity (Ubuntu Edgy)
Status: In Progress = Fix Committed
--
** Changed in: audacity (Ubuntu Edgy)
Status: Confirmed = In Progress
--
Not that I'm an expert on these things, but I'd think that security
updates to backports belong in the backport repositories, rather than in
the security repositories. Otherwise users who did not choose to enable
backports will have a forced upgrade, which may not be to their desire.
--
+audacity (1.2.6-0ubuntu1.1~edgy1) edgy-security; urgency=low
+
+ * SECURITY UPDATE: unsafe directory creation and usage.
+- moving directory to the user's home directory
+- (CVE-2007-6061; LP: #173153).
+
+ -- Emanuele Gentili [EMAIL PROTECTED] Sun, 10 Feb 2008 09:51:05 +0100
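Review bot: the version `1.2.6-0ubuntu1.1~edgy1` carries a `~edgy1` suffix, which reads like a backport version, while the target pocket on the same line is `edgy-security`; confirm which upload is intended and make the version string match it. The entry under "SECURITY UPDATE: unsafe directory creation and usage." also says the directory is moved to the user's home directory without naming which directory or where it was created before, so the original location should be stated for anyone auditing the fix for CVE-2007-6061.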
**
** Changed in: audacity (Ubuntu Feisty)
Status: Fix Committed = Fix Released
** Changed in: audacity (Ubuntu Dapper)
Status: Fix Committed = Fix Released
** Changed in: audacity (Ubuntu Gutsy)
Assignee: (unassigned) = Kees Cook (keescook)
Status: Fix Committed = Fix
Actually, I should have said the _fix_ looks good, but the debdiffs need
attention:
* -security pocket is missing for dapper, feisty, gutsy
* patch system is cdbs (it should not be patched inline) Use the what-patch
tool to help figure out system.
--
A couple notes on these debdiffs:
* changes look good. The / vs // semantics don't really require a hardy bump.
Both are safe, and solve the security issue.
* maintainer fields for security updates don't need updating in dapper and
edgy (the build systems aren't verified to have worked with
Ok, Thanks Kees for the hard work :P
--
I've adjusted the dapper/feisty pockets, and added the inline patch to
the patches directory. I cleaned up the changelogs to follow the
examples in https://wiki.ubuntu.com/SecurityUpdateProcedures
The fixes are building now and should be published shortly. Thanks!
** Changed in: audacity
Last patch isn't correct, I'm working with new fix.
--
+audacity (1.3.3-1ubuntu0.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+- Fix insecure directory creation in /tmp by moving the directory
+ to the users home directory (CVE-2007-6061; LP: #173153).
+
+ * other update
+- debian/control Maintainer change
+
+ -- Emanuele
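Review bot: the "* other update" item puts a debian/control Maintainer change into a `gutsy-security` upload alongside the CVE-2007-6061 fix; a security upload is easier to audit when it carries only the fix, so drop the unrelated change or explain why it is needed. In the SECURITY UPDATE item, "users home directory" should read "user's home directory".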
** Changed in: audacity (Ubuntu Hardy)
Status: Fix Released = Confirmed
--
Patch for hardy because fixed with debian wrong patch. Now corrected and
ready for upload.
** Attachment added: hardy_audacity_1.3.4-1.1ubuntu1.1.debdiff
http://launchpadlibrarian.net/11497787/hardy_audacity_1.3.4-1.1ubuntu1.1.debdiff
--
debdiff for hardy corrected and ready for upload.
** Attachment added: hardy_audacity_1.3.4-1.1ubuntu2.debdiff
http://launchpadlibrarian.net/11497873/hardy_audacity_1.3.4-1.1ubuntu2.debdiff
--
the leading / is not needed in /%s/ %s will be the home directory...I checked
wxwidgets code and they are catching the home dir from $HOME or from
/etc/passwd...so %s/.audacity... is correct, the /%s/ will be shown as
//home/user.
hardy patch wrong.
Ultimate diff for fix hidden directory.
Ready for gutsy
** Attachment added: gutsy_audacity_1.3.3-1ubuntu0.1.debdiff
http://launchpadlibrarian.net/11498869/gutsy_audacity_1.3.3-1ubuntu0.1.debdiff
--
+audacity (1.3.3-1ubuntu0.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+- Fix insecure directory creation in /tmp by moving the directory
+ to the users home directory (CVE-2007-6061; LP: #173153).
+
+ * other update
+- debian/control Maintainer change
+
+ -- Emanuele
http://thc.emanuele-gentili.com/packages/security_fix/gutsy/audacity/audacity_1.3.3-1ubuntu0.1_i386.deb
deb pkg patched.
--
Ultimate diff for fix hidden directory.
Ready for feisty.
deb:
http://thc.emanuele-gentili.com/packages/security_fix/feisty/audacity/audacity_1.2.6-0ubuntu1.1_i386.deb
debdiff: attached.
** Attachment added: feisty_audacity_1.2.6-0ubuntu1.1.debdiff
Ultimate diff for dapper ready.
** Attachment added: dapper_audacity_1.2.4b-2ubuntu2.1.debdiff
http://launchpadlibrarian.net/11516407/dapper_audacity_1.2.4b-2ubuntu2.1.debdiff
--
** Changed in: audacity (Debian)
Status: New = Fix Released
--
This bug was fixed in the package audacity - 1.3.4-1.1ubuntu1
---
audacity (1.3.4-1.1ubuntu1) hardy; urgency=low
[ Mario Bonino ]
* Merge from Debian unstable (LP: #179861) remaining changes:
- debian/patches/desktop_file.patch:
- removed deprecated Encoding field
+audacity (1.3.3-1ubuntu0.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+- Fix insecure directory creation in /tmp by moving the directory
+ to the users home directory (CVE-2007-6061; LP: #173153).
+ * References
+- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
+
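Review bot: "* References" is written as its own top-level bullet, which detaches the Debian bug URL from the SECURITY UPDATE item it documents; nest the reference under that item so the CVE, the LP number and the upstream report stay together.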
** Changed in: audacity (Debian)
Status: Unknown = New
--
** Changed in: audacity (Gentoo Linux)
Status: Unknown = In Progress
--