Candidate: CVE-2017-8933
PublicDate: 2017-05-15 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8933
 https://bugs.debian.org/862570
Description:
 Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a
 local user to cause a denial of service (menu unavailability).
Ubuntu-Description:
Notes:
 seth-arnold> The security fix only works when compiled against a
  new-enough glib: 2.28.0. The commit message also says only
  menu-cache >= 0.7.0.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862570
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L [3.3 LOW]

Patches_menu-cache:
 upstream: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce
upstream_menu-cache: released (1.0.2-3)
precise/esm_menu-cache: DNE
trusty_menu-cache: released (0.5.1-1ubuntu1.1)
trusty/esm_menu-cache: DNE (trusty was released [0.5.1-1ubuntu1.1])
vivid/stable-phone-overlay_menu-cache: DNE
vivid/ubuntu-core_menu-cache: DNE
xenial_menu-cache: released (1.0.1-1ubuntu0.1)
yakkety_menu-cache: ignored (reached end-of-life)
zesty_menu-cache: released (1.0.2-1ubuntu0.1)
devel_menu-cache: not-affected (1.0.2-3)