CVE-2017-8933

Name	CVE-2017-8933
Description	Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	ELA-714-1
Debian Bugs	862570

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
menu-cache (PTS)	jessie, jessie (lts)	1.0.0-1+deb8u1	fixed
	stretch	1.0.2-3	fixed
	buster	1.1.0-1	fixed
	sid, trixie, bullseye, bookworm	1.1.0-1.1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
menu-cache	source	jessie	1.0.0-1+deb8u1		ELA-714-1
menu-cache	source	(unstable)	1.0.2-3	low		862570

Notes

[jessie] - menu-cache <no-dsa> (Minor issue)
[wheezy] - menu-cache <no-dsa> (Minor issue)
Fixed by: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce