-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-3456 2008-05-09 22:16:03 --------------------------------------------------------------------------------
Name : audacity Product : Fedora 8 Version : 1.3.2 Release : 21.fc8 URL : http://audacity.sourceforge.net Summary : A multitrack audio editor Description : Audacity is a cross-platform multitrack audio editor. It allows you to record sounds directly or to import Ogg, WAV, AIFF, AU, IRCAM, or MP3 files. It features a few simple effects, all of the editing features you should need, and unlimited undo. The GUI was built with wxWindows and the audio I/O currently uses OSS under Linux. Audacity runs on Linux/*BSD, MacOS, and Windows. -------------------------------------------------------------------------------- Update Information: A local attacker could exploit Audacity's insecure handling of the directory for temporary files to conduct symlink attacks in order to delete arbitrary files and directories with the privileges of the user running Audacity. -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2008 Michael Schwendt <[EMAIL PROTECTED]> - 1.3.2-21 - check ownership of temporary files directory (#436260) (CVE-2007-6061) * Fri Mar 21 2008 Michael Schwendt <[EMAIL PROTECTED]> - 1.3.2-20 - make soundtouch and allegro build with RPM optflags * Sun Feb 10 2008 Michael Schwendt <[EMAIL PROTECTED]> - 1.3.2-19 - rawhide: patch for JACK 0.109.0 API changes (jack_port_lock/unlock removal). - rebuilt for GCC 4.3 as requested by Fedora Release Engineering - subst _libdir in ladspa plugin loader * Thu Jan 3 2008 Michael Schwendt <[EMAIL PROTECTED]> - 1.3.2-18 - Patch for GCC 4.3.0 C++. * Fri Nov 16 2007 Michael Schwendt <[EMAIL PROTECTED]> - 1.3.2-17 - rebuilt for FLAC 1.1.4 -> 1.2.x upgrade, which broke FLAC import -------------------------------------------------------------------------------- References: [ 1 ] Bug #393251 - CVE-2007-6061 Audacity insecure temporary file handling https://bugzilla.redhat.com/show_bug.cgi?id=393251 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update audacity' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce