[Pkg-lxde-maintainers] Bug#862570: libmenu-cache: menu-cached socket may be blocked by another user.

Andriy Grytsenko andrej at rep.kiev.ua
Sun May 14 19:17:18 UTC 2017

Package: libmenu-cache3
Version: 1.0.2-2
Severity: serious
Tags: upstream security

The socket placed in /tmp is predictable and public-writable. Therefore
if one user placed a symlink to another socket instead of socket for
another use then said another user will either be unable to get menu, or
will receive menu of some other user. Upstream released a fix for this


More information about the Pkg-lxde-maintainers mailing list