MGASA-2021-0001 - Updated audacity package fixes security vulnerability

Publication date: 02 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0001.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-11867

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by
default. After Audacity creates the temporary directory, it sets its
permissions to 755. Any user on the system can read and play the temporary
audio .au files located there (CVE-2020-11867).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27850
- https://lists.opensuse.org/archives/list/[email protected]/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867

SRPMS:
- 7/core/audacity-2.3.1-1.2.mga7