** Changed in: audacity (Gentoo Linux)
Importance: Unknown => Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/173153
Title:
[CVE-2007-6061] Denial of service and deletion of an arbitrary
dire
** Changed in: audacity (Ubuntu Edgy)
Status: Fix Committed => Fix Released
--
[CVE-2007-6061] Denial of service and deletion of an arbitrary directory tree
via symlink attack
https://bugs.launchpad.net/bugs/173153
You received this bug notification because you are a member of Ubuntu
Bugs
** Changed in: audacity (Ubuntu Edgy)
Status: In Progress => Fix Committed
** Changed in: audacity (Ubuntu Edgy)
Status: Confirmed => In Progress
Not that I'm an expert on these things, but I'd think that security
updates to backports belong in the backport repositories, rather than in
the security repositories. Otherwise users who did not choose to enable
backports will have a forced upgrade, which may not be to their desire.
+audacity (1.2.6-0ubuntu1.1~edgy1) edgy-security; urgency=low
+
+ * SECURITY UPDATE: unsafe directory creation and usage.
+- moving directory to the user's home directory
+- (CVE-2007-6061; LP: #173153).
+
+ -- Emanuele Gentili <[EMAIL PROTECTED]> Sun, 10 Feb 2008 09:51:05 +0100
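Review bot: the SECURITY UPDATE sub-item "moving directory to the user's home directory" does not say which directory is moved or where it was created before, so the entry does not explain how the unsafe creation is closed. Name the old and new locations in that line, next to the CVE-2007-6061 / LP: #173153 reference.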
** Att
** Changed in: audacity (Ubuntu Feisty)
Status: Fix Committed => Fix Released
** Changed in: audacity (Ubuntu Dapper)
Status: Fix Committed => Fix Released
** Changed in: audacity (Ubuntu Gutsy)
Assignee: (unassigned) => Kees Cook (keescook)
Status: Fix Committed => Fix
Ok, Thanks Kees for the hard work :P
I've adjusted the dapper/feisty pockets, and added the inline patch to
the patches directory. I cleaned up the changelogs to follow the
examples in https://wiki.ubuntu.com/SecurityUpdateProcedures
The fixes are building now and should be published shortly. Thanks!
** Changed in: audacity (Ubu
Actually, I should have said the _fix_ looks good, but the debdiffs need
attention:
* "-security" pocket is missing for dapper, feisty, gutsy
* patch system is cdbs (it should not be patched inline) Use the "what-patch"
tool to help figure out system.
A couple notes on these debdiffs:
* changes look good. The / vs // semantics don't really require a hardy bump.
Both are "safe", and solve the security issue.
* maintainer fields for security updates don't need updating in dapper and
edgy (the build systems aren't verified to have worked with
Ultimate diff for dapper ready.
** Attachment added: "dapper_audacity_1.2.4b-2ubuntu2.1.debdiff"
http://launchpadlibrarian.net/11516407/dapper_audacity_1.2.4b-2ubuntu2.1.debdiff
Ultimate diff for fix hidden directory.
Ready for feisty.
deb:
http://thc.emanuele-gentili.com/packages/security_fix/feisty/audacity/audacity_1.2.6-0ubuntu1.1_i386.deb
debdiff: attached.
** Attachment added: "feisty_audacity_1.2.6-0ubuntu1.1.debdiff"
http://launchpadlibrarian.net/11513703/fe
http://thc.emanuele-gentili.com/packages/security_fix/gutsy/audacity/audacity_1.3.3-1ubuntu0.1_i386.deb
deb pkg patched.
the leading / is not needed in /%s/; %s will be the home directory... I checked
the wxwidgets code and they are catching the home dir from $HOME or from
/etc/passwd... so "%s/.audacity..." is correct, the "/%s/" will be shown as
//home/user.
hardy patch wrong.
http://bugs.gentoo.org/show_bug.cgi?id=1997
Ultimate diff for fix hidden directory.
Ready for gutsy
** Attachment added: "gutsy_audacity_1.3.3-1ubuntu0.1.debdiff"
http://launchpadlibrarian.net/11498869/gutsy_audacity_1.3.3-1ubuntu0.1.debdiff
+audacity (1.3.3-1ubuntu0.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+- Fix insecure directory creation in /tmp by moving the directory
+ to the users home directory (CVE-2007-6061; LP: #173153).
+
+ * other update
+- debian/control Maintainer change
+
+ -- Emanuele Genti
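Review bot: the "other update" item (debian/control Maintainer change) is unrelated to the CVE-2007-6061 fix listed above it, and a gutsy-security upload is easier to audit when it carries only the security change. Drop that item or justify it, and correct "users home directory" to "user's home directory" in the SECURITY UPDATE text.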
the leading / is not needed in /%s/; %s will be the home directory... I checked
the wxwidgets code and they are catching the home dir from $HOME or from
/etc/passwd... so "%s/.audacity..." is correct, the "/%s/" will be shown as
//home/user.
hardy patch wrong.
http://bugs.gentoo.org/show_bug.cgi?id=1997
debdiff for hardy corrected and ready for upload.
** Attachment added: "hardy_audacity_1.3.4-1.1ubuntu2.debdiff"
http://launchpadlibrarian.net/11497873/hardy_audacity_1.3.4-1.1ubuntu2.debdiff
Patch for hardy, because it was fixed with the wrong Debian patch. Now corrected and
ready for upload.
** Attachment added: "hardy_audacity_1.3.4-1.1ubuntu1.1.debdiff"
http://launchpadlibrarian.net/11497787/hardy_audacity_1.3.4-1.1ubuntu1.1.debdiff
** Changed in: audacity (Ubuntu Hardy)
Status: Fix Released => Confirmed
+audacity (1.3.3-1ubuntu0.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+- Fix insecure directory creation in /tmp by moving the directory
+ to the users home directory (CVE-2007-6061; LP: #173153).
+
+ * other update
+- debian/control Maintainer change
+
+ -- Emanuele Genti
The last patch isn't correct; I'm working on a new fix.
+audacity (1.3.3-1ubuntu0.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+- Fix insecure directory creation in /tmp by moving the directory
+ to the users home directory (CVE-2007-6061; LP: #173153).
+ * References
+- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
+
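Review bot: "References" is written as its own top-level " * " item beside SECURITY UPDATE, so it reads as a separate change rather than as supporting material for the fix. Nest the Debian bug URL under the SECURITY UPDATE entry, alongside the CVE-2007-6061 and LP: #173153 identifiers it belongs with.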
This bug was fixed in the package audacity - 1.3.4-1.1ubuntu1
---
audacity (1.3.4-1.1ubuntu1) hardy; urgency=low
[ Mario Bonino ]
* Merge from Debian unstable (LP: #179861) remaining changes:
- debian/patches/desktop_file.patch:
- removed deprecated Encoding field
** Changed in: audacity (Debian)
Status: New => Fix Released
** Changed in: audacity (Debian)
Status: Unknown => New
** Changed in: audacity (Gentoo Linux)
Status: Unknown => In Progress