From ${URL} : /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be a regular directory, but malicious code or user may create the /tmp/VMwareDnD as a symbolic link which points elsewhere on the system. This may provide user access to user B's files. Do not set the permission of the root directory if the root directory already exists and has the wrong permission. The permission of the directory must be 1777 if it is created by the VMToolsi. If not, then the directory has been created or modified by malicious code or user, so just cancel the host to guest DnD or CnP operation. @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1014d67b6fef117cf70dbedd46149195b129fa00 commit 1014d67b6fef117cf70dbedd46149195b129fa00 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2019-04-12 17:51:58 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2019-04-12 17:52:48 +0000 app-emulation/open-vm-tools: bump to 10.3.10 Closes: https://bugs.gentoo.org/683134 Package-Manager: Portage-2.3.62_p4, Repoman-2.3.12_p87 Signed-off-by: Mike Gilbert <floppym@gentoo.org> app-emulation/open-vm-tools/Manifest | 2 +- .../{open-vm-tools-10.3.5.ebuild => open-vm-tools-10.3.10.ebuild} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
