[SCM] Audacity debian packaging branch, master, updated. debian/1.3.7-3-44-g222419e
bdrung-guest at users.alioth.debian.org
bdrung-guest at users.alioth.debian.org
Tue Sep 8 11:22:13 UTC 2009
The following commit has been merged in the master branch:
commit 55b900c2b7df799fcbc3d2b5c707952ddd00b761
Author: Benjamin Drung <bdrung at gmail.com>
Date: Tue Sep 8 13:11:57 2009 +0200
Drop CVE-2007-6061.patch and remove notice from NEWS file. The security issue is fixed since version 1.3.5 and /tmp can be used as temporary directory again.
diff --git a/debian/NEWS b/debian/NEWS
index 09294b6..17ed8fc 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -11,14 +11,3 @@ audacity (1.3.6-3) unstable; urgency=low
plug-ins!
-- Fabian Greffrath <fabian at debian-unofficial.org> Tue, 20 Jan 2009 09:15:11 +0100
-
-audacity (1.3.4-1.1) unstable; urgency=high
-
- * This update fixes a security issue (CVE-2007-6061).
- * Please either delete both ~/.audacity-data/audacity.cfg and
- ~/.audacity or change the value of TempDir in audacity.cfg to
- <PATHTOYOURHOME>/.audacity1.3-<YOURUSERNAME>
- to prevent other local users from performing a symlink attack
- resulting in potential data loss of your local files.
-
- -- Nico Golde <nion at debian.org> Mon, 21 Jan 2008 19:08:54 +0100
diff --git a/debian/patches/CVE-2007-6061.patch b/debian/patches/CVE-2007-6061.patch
deleted file mode 100644
index f1cc36c..0000000
--- a/debian/patches/CVE-2007-6061.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: Fix insecure directory creation in /tmp
-Origin: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=34;bug=453283
-Bug-Debian: http://bugs.debian.org/453283
-Forwarded: yes
---- src/AudacityApp.cpp.orig 2008-05-14 14:10:49.000000000 +0100
-+++ src/AudacityApp.cpp 2008-05-14 14:12:58.000000000 +0100
-@@ -610,7 +610,8 @@
- * The user's .audacity-files directory in their home directory
- * The "share" and "share/doc" directories in their install path */
- #ifdef __WXGTK__
-- defaultTempDir.Printf(wxT("/tmp/audacity-%s"), wxGetUserId().c_str());
-+ defaultTempDir.Printf(wxT("%s/.audacity%d.%d-%s"), home.c_str(),
-+ AUDACITY_VERSION, AUDACITY_RELEASE, wxGetUserId().c_str());
-
- wxString pathVar = wxGetenv(wxT("AUDACITY_PATH"));
- if (pathVar != wxT(""))
--
Audacity debian packaging
More information about the pkg-multimedia-commits
mailing list