Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/cinnamon@3.0.4-2~bpo8%2B1
purl pkg:deb/debian/cinnamon@3.0.4-2~bpo8%2B1
Next non-vulnerable version 3.8.8-1
Latest non-vulnerable version 3.8.8-1
Risk 3.6
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-gjqp-j37u-uqbz
Aliases:
CVE-2018-13054
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content.
3.8.8-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:21:55.893412+00:00 Debian Oval Importer Affected by VCID-gjqp-j37u-uqbz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T23:55:29.481422+00:00 Debian Oval Importer Affected by VCID-gjqp-j37u-uqbz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:27:17.894881+00:00 Debian Oval Importer Affected by VCID-gjqp-j37u-uqbz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0