Package: libmenu-cache3 Version: 1.0.2-2 Severity: serious Tags: upstream security
The socket placed in /tmp is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another use then said another user will either be unable to get menu, or will receive menu of some other user. Upstream released a fix for this issue: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
