Package: audacity
Version: 1.3.5-2
Severity: grave
Tags: security
Justification: user security hole

There is a buffer overflow in audacity apparently affecting the etch and lenny versions. You can find a reproducer here[0]. However, I just took a random .gro file and when importing it under Projects with import midi (I tested under etch), it produced a buffer overflow.

More information can be found here[1] or in the Gentoo bug report[2].

I'll post the CVE id here once it has been assigned.

Please check with upstream whether they are aware of the issue and working on a patch.

Cheers
Steffen

[0]: http://www.milw0rm.com/exploits/7634
[1]: http://secunia.com/advisories/33356/
[2]: https://bugs.gentoo.org/show_bug.cgi?id=253493

