group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1708542] Re: Fix potential access violation, use runtime user dir instead of tmp dir

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1708542@xxxxxxxxxxxxxxxxxx>
Date: Mon, 07 Aug 2017 14:11:15 -0000
Reply-to: Bug 1708542 <1708542@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package pcmanfm - 1.2.5-2ubuntu0.1

---------------
pcmanfm (1.2.5-2ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: Fix potential access violation, use runtime user dir
    instead of tmp dir (LP: #1708542)
    - fix-CVE-2017-8934.patch
    - CVE-2017-8934

 -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Thu, 03 Aug 2017 17:24:30 -0500

** Changed in: pcmanfm (Ubuntu Zesty)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1708542

Title:
  Fix potential access violation, use runtime user dir instead of tmp
  dir

Status in pcmanfm package in Ubuntu:
  Fix Released
Status in pcmanfm source package in Trusty:
  Fix Released
Status in pcmanfm source package in Xenial:
  Fix Released
Status in pcmanfm source package in Zesty:
  Fix Released

Bug description:
  PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user
  to cause a denial of service (application unavailability). This is tracked in CVE-2017-8934, and should be fixed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1708542/+subscriptions