Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 618622 (CVE-2017-8934) - <x11-misc/pcmanfm-1.2.3: Insecure temporary file creation in get_socket_name function
Summary: <x11-misc/pcmanfm-1.2.3: Insecure temporary file creation in get_socket_name ...
Status: RESOLVED FIXED
Alias: CVE-2017-8934
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: 625180
  Show dependency tree
 
Reported: 2017-05-16 07:23 UTC by Agostino Sarubbo
Modified: 2017-08-06 20:04 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-05-16 07:23:51 UTC
From ${URL} :

Insecure temporary file creation in get_socket_name function was found leading to potential access violation.

Upstream patch:

https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 charles17 2017-07-17 08:16:03 UTC
https://github.com/gentoo/gentoo/pull/5118
Comment 2 David Seifert gentoo-dev 2017-07-30 15:14:13 UTC
commit 3e7da11f260f36acddc64b074d2eef63bb1a14b6
Author: charIes17 <charles17@arcor.de>
Date:   Mon Jul 17 09:36:09 2017 +0200

    x11-misc/pcmanfm: Add patch for CVE-2017-8934
    
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=618622
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=624938
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-08-06 20:04:28 UTC
GLSA Vote: No