Steffen Joeris
2009-Feb-04 17:35 UTC
[Secure-testing-team] Bug#514138: audacity: buffer overflow
Package: audacity
Version: 1.3.5-2
Severity: grave
Tags: security
Justification: user security hole

There is a buffer overflow in audacity apparently affecting the etch and lenny versions. You can find a reproducer here[0]. However, I just took a random .gro file and when importing it under Projects with import midi (I tested under etch), it produced a buffer overflow.

More information can be found here[1] or in the Gentoo bug report[2].

I'll post the CVE id here once it has been assigned. Please check with upstream whether they are aware of the issue and working on a patch.

Cheers
Steffen

[0]: http://www.milw0rm.com/exploits/7634
[1]: http://secunia.com/advisories/33356/
[2]: https://bugs.gentoo.org/show_bug.cgi?id=253493