Mageia 2021-0001: audacity security update
Summary
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by
default. After Audacity creates the temporary directory, it sets its
permissions to 755. Any user on the system can read and play the temporary
audio .au files located there (CVE-2020-11867).
References
- https://bugs.mageia.org/show_bug.cgi?id=27850
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867
Resolution
MGASA-2021-0001 - Updated audacity package fixes security vulnerability
SRPMS
- 7/core/audacity-2.3.1-1.2.mga7