Bugzilla – Bug 1113079
VUL-1: CVE-2018-18398: Thunar: mishandling the IBus-Unikey input method for file searches within File Manager
Last modified: 2019-04-11 21:37:49 UTC
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input
method for file searches within File Manager, leading to an out-of-bounds read
and SEGV. This could potentially be exploited by an arbitrary local user who
creates files in /tmp before the victim uses this input method.
Couldn't find a patch, so I am unsure if opensuse is affected.
In Leap 42.3 Thunar is v1.6.10, in Leap 15 it's 1.6.14, TW has 1.8.4. So none of the officially supported Distribution version matches the reportedly problematic version of Thunar.
Furthermore Leap 42.3 is expectedly EOL in June 2019. So I guess this problem is obsolete?
No reply since 2019-03-21. As none of the officially supported Distribution version matches the reportedly problematic version of Thunar I'll close this bug.