Is stable 1.2.6 vulnerable?

This section is now closed.
Forum rules
Audacity 1.2.x is now obsolete. Please use the current Audacity 2.1.x version.

The final version of Audacity for Windows 98/ME is the legacy 2.0.0 version.
Locked
neilg
Posts: 2
Joined: Tue Feb 26, 2008 6:55 pm
Operating System: Please select

Is stable 1.2.6 vulnerable?

Post by neilg » Wed Feb 27, 2008 4:38 pm

The vulnerability published in CVE-2007-6061 in 1.3.x code http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6061?. The security issue is caused due to the "AudacityApp::OnInit()" method in src/AudacityApp.cpp handling temporary files in an insecure manner. which can be exploited to delete arbitrary files and directories via symlink attacks, or to cause a deadlock.

Is this issue present in the 1.2.6 stable release?

Thanks,
Top
steve
Site Admin
Posts: 81629
Joined: Sat Dec 01, 2007 11:43 am
Operating System: Linux *buntu

Re: Is stable 1.2.6 vulnerable?

Post by steve » Wed Feb 27, 2008 6:17 pm

This refers to a very old version of Audacity and it looks like it's fixed.
9/10 questions are answered in the FREQUENTLY ASKED QUESTIONS (FAQ)
Top
Locked

Return to “Windows”