Debian Package Tracker

general

source: audacity (main)
version: 2.4.2~dfsg0-3
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Benjamin Drung [DMD] – David Henningsson [DMD] – Free Ekanayaka [DMD] – Dennis Braun [DMD] – Jaromír Mikeš [DMD] [DM]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.0.6-2
oldstable: 2.1.2-2
stable: 2.2.2-1
testing: 2.4.2~dfsg0-3
unstable: 2.4.2~dfsg0-3

versioned links

2.0.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.2~dfsg0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

audacity (75 bugs: 0, 63, 12, 0)
audacity-data (2 bugs: 0, 2, 0, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-11867: Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

Please fix it.

Created: 2020-12-08 Last update: 2020-12-09 13:35

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2020-11867: Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

Please fix it.

Created: 2020-12-08 Last update: 2020-12-09 13:35

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-12-29 Last update: 2021-01-24 06:56

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.4.2~dfsg0-4, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 8c7957ffb46feab006cd99bd051077d713b81e8c
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Fri Jan 1 01:48:24 2021 +0100

    Fix bug number

commit 1c543ee119fa79c347a86546997cb232dce82829
Author: Dennis Braun <d_braun@kabelmail.de>
Date:   Tue Dec 8 23:49:47 2020 +0100

    Add 0006-Fix_CVE-2020-11867.patch ^^

commit a2025455dfd74e4127b374a76328b020250a192d
Author: Dennis Braun <d_braun@kabelmail.de>
Date:   Tue Dec 8 23:46:44 2020 +0100

    Update d/changelog for 2.4.2~dfsg0-4

commit 7f0cb437a1f0231bb21e8c3e8cba68135ea6216b
Author: Dennis Braun <d_braun@kabelmail.de>
Date:   Tue Dec 8 23:45:35 2020 +0100

    Bump S-V to 4.5.1, no changes needed

commit e770a95316ec6cede0ffeecdaa272efa9fd8c6b3
Author: Dennis Braun <d_braun@kabelmail.de>
Date:   Tue Dec 8 23:44:45 2020 +0100

    Fix temporary audio .au files exposure (CVE-2020-11867). (Closes: #976874)

commit ec4ff31207413cd59935cf1f06e7bd3f53e09ea0
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Sep 5 09:58:06 2020 +0200

    Bump cmake requirement
    
    Closes: #959571

Created: 2020-09-05 Last update: 2021-01-17 10:07

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2020-08-22 Last update: 2020-08-22 06:03

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2020-11867: Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

Please fix it.

Created: 2020-12-08 Last update: 2020-12-09 13:35

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2020-11867: Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

Please fix it.

Created: 2020-12-08 Last update: 2020-12-09 13:35

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2015-08-24 Last update: 2016-01-30 01:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-11-17 05:41

news

[rss feed]

[2020-07-29] audacity 2.4.2~dfsg0-3 MIGRATED to testing (Debian testing watch)
[2020-07-23] Accepted audacity 2.4.2~dfsg0-3 (source) into unstable (Sebastian Ramacher)
[2020-07-23] Accepted audacity 2.4.2~dfsg0-2 (source) into unstable (Sebastian Ramacher)
[2020-07-23] Accepted audacity 2.4.2~dfsg0-1 (source) into unstable (Sebastian Ramacher)
[2020-05-12] audacity 2.3.3-2 MIGRATED to testing (Debian testing watch)
[2020-05-06] Accepted audacity 2.3.3-2 (source) into unstable (Dennis Braun) (signed by: Sebastian Ramacher)
[2019-12-16] audacity 2.3.3-1 MIGRATED to testing (Debian testing watch)
[2019-12-11] Accepted audacity 2.3.3-1 (source) into unstable (Dennis Braun) (signed by: Adam Borowski)
[2019-08-11] audacity 2.3.2-2 MIGRATED to testing (Debian testing watch)
[2019-08-06] Accepted audacity 2.3.2-2 (source) into unstable (Unit193) (signed by: Unit 193)
[2019-07-23] Accepted audacity 2.3.2-1 (source) into unstable (Unit 193)
[2018-06-11] audacity 2.2.2-1 MIGRATED to testing (Debian testing watch)
[2018-06-06] Accepted audacity 2.2.2-1 (source) into unstable (James Cowgill)
[2018-02-12] Accepted audacity 2.0.1-1+deb7u1 (source amd64 all) into oldoldstable (Roberto C. Sanchez)
[2017-12-17] audacity 2.2.1-1 MIGRATED to testing (Debian testing watch)
[2017-12-11] Accepted audacity 2.2.1-1 (source) into unstable (Jaromír Mikeš)
[2017-11-30] audacity 2.2.0-2 MIGRATED to testing (Debian testing watch)
[2017-11-25] Accepted audacity 2.2.0-2 (source) into unstable (Jaromír Mikeš)
[2017-11-19] Accepted audacity 2.2.0-1 (source) into unstable (Jaromír Mikeš) (signed by: Sebastian Ramacher)
[2016-11-30] audacity 2.1.2-2 MIGRATED to testing (Debian testing watch)
[2016-11-24] Accepted audacity 2.1.2-2 (source) into unstable (Free Ekanayaka)
[2016-02-04] audacity 2.1.2-1 MIGRATED to testing (Debian testing watch)
[2016-01-29] Accepted audacity 2.1.2-1 (source all) into unstable (Sebastian Ramacher)
[2016-01-12] Accepted audacity 2.1.2~rc2-1 (source all) into experimental (Sebastian Ramacher)
[2015-12-07] Accepted audacity 2.1.2~rc1-1 (source all) into experimental (Sebastian Ramacher)
[2014-11-05] audacity 2.0.6-2 MIGRATED to testing (Britney)
[2014-10-25] Accepted audacity 2.0.6-2 (source amd64 all) into unstable (Benjamin Drung)
[2014-10-21] audacity 2.0.6-1 MIGRATED to testing (Britney)
[2014-10-13] Accepted audacity 2.0.6-1 (source amd64 all) into unstable (Benjamin Drung)
[2014-06-06] audacity 2.0.5-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 78 79
RC: 0
I&N: 65 66
M&W: 12
F&P: 1
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 60)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.4.2~dfsg0-3
108 bugs