{"id":"MGASA-2021-0001","summary":"Updated audacity package fixes security vulnerability","details":"Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by\ndefault. After Audacity creates the temporary directory, it sets its\npermissions to 755. Any user on the system can read and play the temporary\naudio .au files located there (CVE-2020-11867).\n","modified":"2026-02-04T04:35:15.021643Z","published":"2021-01-02T21:52:25Z","related":["CVE-2020-11867"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0001.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27850"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/"}],"affected":[{"package":{"name":"audacity","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/audacity?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.1-1.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0001.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}