Candidate: CVE-2017-8934
PublicDate: 2017-05-15 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8934
 https://bugs.debian.org/862571
Description:
 PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user
 to cause a denial of service (application unavailability).
Ubuntu-Description:
Notes:
 seth-arnold> requires glib > 2.28.0
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862571
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_pcmanfm:
 upstream: https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commit;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
upstream_pcmanfm: released (1.2.5-3)
precise/esm_pcmanfm: DNE
trusty_pcmanfm: released (1.2.0-1ubuntu0.1)
trusty/esm_pcmanfm: DNE (trusty was released [1.2.0-1ubuntu0.1])
vivid/stable-phone-overlay_pcmanfm: DNE
vivid/ubuntu-core_pcmanfm: DNE
xenial_pcmanfm: released (1.2.4-1ubuntu0.1)
yakkety_pcmanfm: ignored (reached end-of-life)
zesty_pcmanfm: released (1.2.5-2ubuntu0.1)
devel_pcmanfm: not-affected (1.2.5-3)