*** This bug is a security vulnerability *** Public security bug reported:
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). This is tracked in CVE-2017-8934, and should be fixed. ** Affects: pcmanfm (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: pcmanfm (Ubuntu Trusty) Importance: Undecided Assignee: Simon Quigley (tsimonq2) Status: In Progress ** Affects: pcmanfm (Ubuntu Xenial) Importance: Undecided Assignee: Simon Quigley (tsimonq2) Status: In Progress ** Affects: pcmanfm (Ubuntu Zesty) Importance: Undecided Assignee: Simon Quigley (tsimonq2) Status: In Progress ** Information type changed from Public to Public Security ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8934 ** Summary changed: - Fix potential access violation, use runtime user dir instead of tmp dir. + Fix potential access violation, use runtime user dir instead of tmp dir -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1708542 Title: Fix potential access violation, use runtime user dir instead of tmp dir To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1708542/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs