Package: audacity Version: 1.3.12-7.4 Severity: important Although the umask is set to 027, the temporary directory is created with mode 755. Even worse, after manually changing the permissions to 700, audacity resets them to 755 during startup!
Severity of the bug set to important, because I consider this a (albeit minor) security problem. -- System Information: Debian Release: 6.0.5 APT prefers stable APT policy: (950, 'stable'), (800, 'testing'), (500, 'oldstable') Architecture: i386 (x86_64) Kernel: Linux 3.2.23-x86_64 (SMP w/4 CPU cores) Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages audacity depends on: ii audacity-data 1.3.12-7.4 A fast, cross-platform audio edito ii libasound2 1.0.25-3 shared library for ALSA applicatio ii libc6 2.13-33 Embedded GNU C Library: Shared lib ii libexpat1 2.1.0-1 XML parsing C library - runtime li ii libflac++6 1.2.1-2+b1 Free Lossless Audio Codec - C++ ru ii libflac8 1.2.1-2+b1 Free Lossless Audio Codec - runtim ii libgcc1 1:4.7.1-2 GCC support library ii libglib2.0-0 2.32.3-1 GLib library of C routines ii libgtk2.0-0 2.24.10-1 GTK+ graphical user interface libr ii libid3tag0 0.15.1b-10 ID3 tag reading library from the M ii libjack0 [libjack-0.11 1:0.118+svn3796-7 JACK Audio Connection Kit (librari ii libmad0 0.15.1b-5 MPEG audio decoder library ii libogg0 1.2.0~dfsg-1 Ogg bitstream library ii libsamplerate0 0.1.7-3 Audio sample rate conversion libra ii libsndfile1 1.0.21-3+squeeze1 Library for reading/writing audio ii libsoundtouch1c2 1.3.1-2 sound stretching library ii libstdc++6 4.7.1-2 GNU Standard C++ Library v3 ii libtwolame0 0.3.12-1 MPEG Audio Layer 2 encoding librar ii libvamp-hostsdk3 2.1-1 helper library for Vamp hosts writ ii libvorbis0a 1.3.1-1+squeeze1 The Vorbis General Audio Compressi ii libvorbisenc2 1.3.1-1+squeeze1 The Vorbis General Audio Compressi ii libvorbisfile3 1.3.1-1+squeeze1 The Vorbis General Audio Compressi ii libwxbase2.8-0 2.8.10.1-3+b1 wxBase library (runtime) - non-GUI ii libwxgtk2.8-0 2.8.10.1-3+b1 wxWidgets Cross-platform C++ GUI t Versions of packages audacity recommends: ii libavcodec52 5:0.7.13-dmo2 Library to encode decode multimedi ii libavformat52 5:0.7.13-dmo2 ffmpeg file format library. Versions of packages audacity suggests: pn ladspa-plugin <none> (no description available) ii libmp3lame0 1:3.99.5-dmo1 LAME Ain't an MP3 Encoder (shared -- no debconf information _______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
