diff -Nru pcmanfm-1.2.5/debian/changelog pcmanfm-1.2.5/debian/changelog --- pcmanfm-1.2.5/debian/changelog 2016-12-10 16:54:25.000000000 -0600 +++ pcmanfm-1.2.5/debian/changelog 2017-08-03 17:24:30.000000000 -0500 @@ -1,3 +1,12 @@ +pcmanfm (1.2.5-2ubuntu0.1) zesty-security; urgency=medium + + * SECURITY UPDATE: Fix potential access violation, use runtime user dir + instead of tmp dir (LP: #1708542) + - fix-CVE-2017-8934.patch + - CVE-2017-8934 + + -- Simon Quigley Thu, 03 Aug 2017 17:24:30 -0500 + pcmanfm (1.2.5-2) unstable; urgency=medium * Removing override_dh_builddeb target from debian/rules, it fails on 32-bit archs. diff -Nru pcmanfm-1.2.5/debian/control pcmanfm-1.2.5/debian/control --- pcmanfm-1.2.5/debian/control 2016-12-09 19:40:23.000000000 -0600 +++ pcmanfm-1.2.5/debian/control 2017-08-03 17:24:30.000000000 -0500 @@ -1,7 +1,8 @@ Source: pcmanfm Section: utils Priority: optional -Maintainer: Debian LXDE Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian LXDE Maintainers Uploaders: Andrew Lee (李健秋) , Andriy Grytsenko Build-Depends: diff -Nru pcmanfm-1.2.5/debian/patches/fix-CVE-2017-8934.patch pcmanfm-1.2.5/debian/patches/fix-CVE-2017-8934.patch --- pcmanfm-1.2.5/debian/patches/fix-CVE-2017-8934.patch 1969-12-31 18:00:00.000000000 -0600 +++ pcmanfm-1.2.5/debian/patches/fix-CVE-2017-8934.patch 2017-08-03 17:24:01.000000000 -0500 
@@ -0,0 +1,45 @@
+Description: Fix potential access violation, use runtime user dir instead of tmp dir.
+ This fixes CVE-2017-8934.
+Author: Andriy Grytsenko
+Origin: upstream
+Bug-Ubuntu: https://pad.lv/1708542
+Applied-Upstream: bc8c3d871e9ecc67c47ff002b68cf049793faf08
+Last-Update: 2017-08-03
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,7 @@
++* Fixed potential access violation, use runtime user dir instead of tmp dir
++ for single instance socket.
++
++
+ Changes on 1.2.5 since 1.2.4:
+
+ * Removed options to Cut, Remove and Rename from context menu on mounted
+--- a/src/single-inst.c
++++ b/src/single-inst.c
+@@ -2,7 +2,7 @@
+ * single-inst.c: simple IPC mechanism for single instance app
+ *
+ * Copyright 2010 Hong Jen Yee (PCMan)
+- * Copyright 2012 Andriy Grytsenko (LStranger)
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstDa
+ }
+ else
+ dpynum = 0;
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
++ data->prog_name, host ? host : "", dpynum);
++#else
+ g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
+ g_get_tmp_dir(),
+ data->prog_name,
+ host ? host : "",
+ dpynum,
+ g_get_user_name());
++#endif
+ }
+
diff -Nru pcmanfm-1.2.5/debian/patches/series pcmanfm-1.2.5/debian/patches/series
--- pcmanfm-1.2.5/debian/patches/series 1969-12-31 18:00:00.000000000 -0600
+++ pcmanfm-1.2.5/debian/patches/series 2017-08-03 17:22:46.000000000 -0500
@@ -0,0 +1 @@
+fix-CVE-2017-8934.patch
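Review bot: The `#else` branch in the `get_socket_name` hunk of src/single-inst.c still builds the socket path under `g_get_tmp_dir()`, so a build against GLib headers older than 2.28 keeps the shared-temp-directory behaviour that CVE-2017-8934 is about; only the `#if GLIB_CHECK_VERSION(2, 28, 0)` branch is fixed. If the fallback has to stay, mark it above the old call, e.g. `/* GLib < 2.28: no g_get_user_runtime_dir(); socket stays in the shared tmp dir, CVE-2017-8934 is NOT mitigated on this path */`, or give it a per-user base such as `g_get_user_cache_dir()` in place of `g_get_tmp_dir()`. In the new branch the return value of `g_snprintf` is not checked, and as far as I know GLib falls back to the user cache directory when XDG_RUNTIME_DIR is unset, so the path can be noticeably longer than before; if `len` is sized for a socket address (its value is not visible here) a truncated name would go unnoticed, and comparing the return value with `len` would catch it. The body of `get_socket_name` starts outside the hunk, so how `host` and `dpynum` are derived could not be checked.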