Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 618622 (CVE-2017-8934) - <x11-misc/pcmanfm-1.2.3: Insecure temporary file creation in get_socket_name function
Summary: <x11-misc/pcmanfm-1.2.3: Insecure temporary file creation in get_socket_name ...
Alias: CVE-2017-8934
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Blocks: 625180
  Show dependency tree
Reported: 2017-05-16 07:23 UTC by Agostino Sarubbo
Modified: 2017-08-06 20:04 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-05-16 07:23:51 UTC
From ${URL} :

Insecure temporary file creation in get_socket_name function was found leading to potential access violation.

Upstream patch:;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 charles17 2017-07-17 08:16:03 UTC
Comment 2 David Seifert gentoo-dev 2017-07-30 15:14:13 UTC
commit 3e7da11f260f36acddc64b074d2eef63bb1a14b6
Author: charIes17 <>
Date:   Mon Jul 17 09:36:09 2017 +0200

    x11-misc/pcmanfm: Add patch for CVE-2017-8934
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-08-06 20:04:28 UTC
GLSA Vote: No