diff --git a/audacity-1.3.2-CVE-2007-6061.patch b/audacity-1.3.2-CVE-2007-6061.patch
new file mode 100644
index 0000000..bb1f4fd
--- /dev/null
+++ b/audacity-1.3.2-CVE-2007-6061.patch
@@ -0,0 +1,35 @@
+diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
+--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp 2006-10-29 01:05:26.000000000 +0200
++++ audacity-src-1.3.2-beta/src/AudacityApp.cpp 2008-05-02 17:46:49.000000000 +0200
+@@ -821,7 +821,7 @@
+ if (tempFromPrefs != wxT("")) {
+ if (wxDirExists(tempFromPrefs))
+ temp = tempFromPrefs;
+- else if (wxMkdir(tempFromPrefs))
++ else if (wxMkdir(tempFromPrefs, 0755))
+ temp = tempFromPrefs;
+ }
+
+@@ -830,10 +830,21 @@
+ if (temp==wxT("") && tempDefaultLoc != wxT("")) {
+ if (wxDirExists(tempDefaultLoc))
+ temp = tempDefaultLoc;
+- else if (wxMkdir(tempDefaultLoc))
++ else if (wxMkdir(tempDefaultLoc, 0755))
+ temp = tempDefaultLoc;
+ }
+
++ // Check temp directory ownership.
++ struct stat tempStatBuf;
++ if ( lstat(temp.mb_str(), &tempStatBuf) != 0 ) {
++ temp.clear();
++ }
++ else {
++ if ( geteuid() != tempStatBuf.st_uid ) {
++ temp.clear();
++ }
++ }
++
+ if (temp == wxT("")) {
+ // Failed
+ wxMessageBox(_("Audacity could not find a place to store temporary files.\nPlease enter an appropriate directory in the preferences dialog."));
diff --git a/audacity.spec b/audacity.spec
index 291b3c6..f96beee 100644
--- a/audacity.spec
+++ b/audacity.spec
@@ -1,6 +1,6 @@
 Name: audacity
 Version: 1.3.2
-Release: 20%{?dist}
+Release: 21%{?dist}
 Summary: A multitrack audio editor
 Group: Applications/Multimedia
@@ -22,6 +22,7 @@ Patch9: audacity-1.3.2-libdir.patch
 Patch10: audacity-1.3.2-jack-api-109.patch
 Patch11: audacity-1.3.2-soundtouch-cxxflags.patch
 Patch12: audacity-1.3.2-allegro-cflags.patch
+Patch13: audacity-1.3.2-CVE-2007-6061.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: alsa-lib-devel
 BuildRequires: desktop-file-utils
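Review bot: The ownership test added after the second `wxMkdir` call in the AudacityApp.cpp patch (new file audacity-1.3.2-CVE-2007-6061.patch) compares only `st_uid` with `geteuid()`, so a pre-existing directory that the user owns but that is group- or world-writable is still accepted as the temporary location. The inner check could reject that case too, for example `if ( geteuid() != tempStatBuf.st_uid || (tempStatBuf.st_mode & (S_IWGRP | S_IWOTH)) ) {`. Creating the directory with `0700` instead of `0755` in both `wxMkdir` calls would also keep other local users from listing or reading the temporary audio data. A short comment such as `// lstat, not stat: a link created by another user reports that user's uid and is rejected` would record why `lstat` was chosen. The enclosing function starts and ends outside the hunk, and the hunk does not show `<sys/stat.h>` or `<unistd.h>` being included, so that is worth confirming in the full file.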
@@ -80,6 +81,7 @@ grep -q -s __RPM_LIB * -R && exit 1
 %endif
 %patch11 -p1 -b .soundtouch-cxxflags
 %patch12 -p1 -b .allegro-cflags
+%patch13 -p1 -b .CVE-2007-6061
 # Substitute occurences of "libmp3lame.so" with "libmp3lame.so.0".
 for i in help/wxhelp/audacity.hhk help/wxhelp/exportmp3.htm locale/*.po src/export/ExportMP3.cpp
@@ -158,6 +160,9 @@ umask 022
 %changelog
+* Sat May 3 2008 Michael Schwendt - 1.3.2-21
+- check ownership of temporary files directory (#436260) (CVE-2007-6061)
+
 * Fri Mar 21 2008 Michael Schwendt - 1.3.2-20
 - make soundtouch and allegro build with RPM optflags