oss-sec mailing list archives

lxterminal: insecurely uses /tmp for a socket file


From: Medical Wei <mwei () lxde org>
Date: Tue, 9 May 2017 08:18:49 +0800

A vulnerability has been found in which unixsocket.c in lxterminal insecurely
uses /tmp for a socket file, allowing a local user to cause a denial of service
(preventing terminal launch) or possibly have other impact.

This bug has been assigned CVE-2016-10369 [1], and has been publicly
discussed on the Stack Exchange website [2].

A bug fix has been committed to lxterminal's git repository [3], and LXDE
developers are working on a release.

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
[2]: https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
[3]: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648

Attachment: signature.asc
Description: Message signed with OpenPGP
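
The bug class reported above (a socket file in world-writable /tmp) is usually avoided by binding only inside a directory that the calling user owns and that nobody else can write to. The following is an added example and not lxterminal's code or its committed fix; the function names, the socket file name and the use of XDG_RUNTIME_DIR as the per-user directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Return 1 only if `dir` is a real directory (lstat: a symlink is rejected),
 * owned by `uid`, with no group/other permission bits set. */
int dir_is_private(const char *dir, uid_t uid)
{
    struct stat st;
    if (lstat(dir, &st) != 0) return 0;
    if (!S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != uid) return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Write "<dir>/<name>" to `out` only if `dir` is private to `uid`, `name` has
 * no path separator, and the result fits in sockaddr_un.sun_path.
 * Returns 0 on success, -1 if the location must not be used. */
int private_socket_path(char *out, size_t outlen, const char *dir,
                        uid_t uid, const char *name)
{
    struct sockaddr_un sa;
    if (dir == NULL || strchr(name, '/') != NULL) return -1;
    if (!dir_is_private(dir, uid)) return -1;   /* e.g. /tmp (mode 1777) */
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen || (size_t)n >= sizeof sa.sun_path)
        return -1;
    return 0;
}

int main(void)
{
    char path[sizeof(((struct sockaddr_un *)0)->sun_path)];
    /* Assumption: XDG_RUNTIME_DIR is the per-user directory; the socket
     * file name below is hypothetical. */
    const char *dir = getenv("XDG_RUNTIME_DIR");
    if (private_socket_path(path, sizeof path, dir, getuid(),
                            "demo-terminal.sock") != 0) {
        fprintf(stderr, "no private runtime directory, not creating socket\n");
        return 1;
    }
    printf("socket would be bound at: %s\n", path);
    return 0;
}
```

When the check fails the program refuses to create the socket, so it never falls back to a shared directory where another local user could pre-create the path.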

