From ${URL} : Insecure temporary file creation in get_socket_name function was found leading to potential access violation. Upstream patch: https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
https://github.com/gentoo/gentoo/pull/5118
commit 3e7da11f260f36acddc64b074d2eef63bb1a14b6 Author: charIes17 <charles17@arcor.de> Date: Mon Jul 17 09:36:09 2017 +0200 x11-misc/pcmanfm: Add patch for CVE-2017-8934 Bug: https://bugs.gentoo.org/show_bug.cgi?id=618622 Bug: https://bugs.gentoo.org/show_bug.cgi?id=624938
GLSA Vote: No
(Note that this didn't get a revbump for the patch, but it is there.)
(In reply to sam_c (Security Padawan) from comment #4) > (Note that this didn't get a revbump for the patch, but it is there.) In the meantime a new version has been added and is also stabilized on all archs, so I'm going to fix this by removing the older versions.
