[Pkg-lxde-maintainers] Bug#862571: pcmanfm: single instance socket may be blocked by another user.

Andriy Grytsenko andrej at rep.kiev.ua
Sun May 14 19:28:24 UTC 2017

Package: pcmanfm
Version: 1.2.5-2
Version: 1.2.3-1.1
Severity: serious
Tags: upstream security

The socket placed in /tmp is predictable and public-writable. Therefore
if one user placed a symlink to another socket instead of socket for
another user then said another user will either be unable to use pcmanfm,
or may send requests to the first user's pcmanfm. Upstream released a fix
for this issue:


More information about the Pkg-lxde-maintainers mailing list