*** This bug is a security vulnerability ***
Public security bug reported:
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user
to cause a denial of service (application unavailability). This is tracked in
CVE-2017-8934, and should be fixed.
** Affects: pcmanfm (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: pcmanfm (Ubuntu Trusty)
Importance: Undecided
Assignee: Simon Quigley (tsimonq2)
Status: In Progress
** Affects: pcmanfm (Ubuntu Xenial)
Importance: Undecided
Assignee: Simon Quigley (tsimonq2)
Status: In Progress
** Affects: pcmanfm (Ubuntu Zesty)
Importance: Undecided
Assignee: Simon Quigley (tsimonq2)
Status: In Progress
** Information type changed from Public to Public Security
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8934
** Summary changed:
- Fix potential access violation, use runtime user dir instead of tmp dir.
+ Fix potential access violation, use runtime user dir instead of tmp dir
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1708542
Title:
Fix potential access violation, use runtime user dir instead of tmp
dir
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1708542/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
