Accepted open-vm-tools 2:12.2.0-1+deb12u1 (source amd64) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted open-vm-tools 2:12.2.0-1+deb12u1 (source amd64) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 12 Sep 2023 18:47:19 +0000
- Debian: DAK
- Debian-architecture: source amd64
- Debian-archive-action: accept
- Debian-changes: open-vm-tools_12.2.0-1+deb12u1_amd64.changes
- Debian-source: open-vm-tools
- Debian-suite: proposed-updates
- Debian-version: 2:12.2.0-1+deb12u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=21mm/BLBMSQIDt/+AmmFUh78VPz+h/OzERHbOjU7xvY=; b=RtoMVbcTAUslqm8GyI0dZex+wZ 7YS+n+UZmJljHFopR5k8fxPmUAPncvCEZeCfFTMsZYTDNM1h1wo6WUfw2QIf68nfBPNqfe4DXuGEV FqJbkevHbHXF+AWSqs5RxBss48xAM7cqsRWbpU3IOF7EgCPvxFGHHMszN9/jKW3QTj0C9Cdu6sAON t/SoYdnuaZzgy47qfEzNyU47+jp9q5157prNSpiARWR2VGIyEyF9ccj6BcFLe5EqP1HSJu97XeVkJ Bd3QtB3JkaVutRdz0nFVkRNIteuY2H0mWn4V+LM5bqfZskQlj8lyYnZzrSYY5CoypiEotDxwnoEyI XpDWAOPQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qg8Pv-00ERYC-N6@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 06 Sep 2023 20:01:06 +0200
Source: open-vm-tools
Binary: open-vm-tools open-vm-tools-containerinfo open-vm-tools-containerinfo-dbgsym open-vm-tools-dbgsym open-vm-tools-desktop open-vm-tools-desktop-dbgsym open-vm-tools-dev open-vm-tools-salt-minion open-vm-tools-sdmp open-vm-tools-sdmp-dbgsym
Architecture: source amd64
Version: 2:12.2.0-1+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bernd Zeimetz <bzed@debian.org>
Description:
open-vm-tools - Open VMware Tools for virtual machines hosted on VMware (CLI)
open-vm-tools-containerinfo - Open VMware Tools for VMs hosted on VMware (Service Discovery Plu
open-vm-tools-desktop - Open VMware Tools for virtual machines hosted on VMware (GUI)
open-vm-tools-dev - Open VMware Tools for virtual machines hosted on VMware (developm
open-vm-tools-salt-minion - Open VMware Tools for VMs hosted on VMware (Service Discovery Plu
open-vm-tools-sdmp - Open VMware Tools for VMs hosted on VMware (Service Discovery Plu
Closes: 1050970
Changes:
open-vm-tools (2:12.2.0-1+deb12u1) bookworm-security; urgency=medium
.
* [3812674] Fixing CVE-2023-20867, CVE-2023-20900
- Authentication Bypass vulnerability in VMware Tools (CVE-2023-20867)
A fully compromised ESXi host can force VMware Tools to fail to
authenticate host-to-guest operations, impacting the confidentiality
and integrity of the guest virtual machine.
- SAML token signature bypass vulnerability (CVE-2023-20900)
A malicious actor with man-in-the-middle (MITM) network positioning
between vCenter server and the virtual machine may be able to bypass
SAML token signature verification, to perform VMware Tools Guest
Operations. (Closes: #1050970)
* [fb0ab84] Updating gitlab CI and GBP to build in bookworm
Checksums-Sha1:
a2f8437766cff2f597ecf4c49eb2eaf23011e86b 2969 open-vm-tools_12.2.0-1+deb12u1.dsc
723692c71ad95322ea0d7ca3dab76e888bbe052d 1801276 open-vm-tools_12.2.0.orig.tar.xz
cbd9d85920d306554d937ef04b1858a7dc01447e 36212 open-vm-tools_12.2.0-1+deb12u1.debian.tar.xz
4b1490469b12bcf35ec32665bd778ae260c5c5e4 3188304 open-vm-tools-containerinfo-dbgsym_12.2.0-1+deb12u1_amd64.deb
675933e7199f8a4a6925fcce09658eac48b4e546 170120 open-vm-tools-containerinfo_12.2.0-1+deb12u1_amd64.deb
d90b9fed5119df359e41344261c0cca6a0ec9021 2735972 open-vm-tools-dbgsym_12.2.0-1+deb12u1_amd64.deb
2e907d2d7c2ed88d269a00e587d24eb65e9b0384 1552080 open-vm-tools-desktop-dbgsym_12.2.0-1+deb12u1_amd64.deb
e0aaf0c0e8b2b42c14d24bae63312796eb751501 151636 open-vm-tools-desktop_12.2.0-1+deb12u1_amd64.deb
7808ab4c5fb6c52e67484509c79292f6bf3110f2 509764 open-vm-tools-dev_12.2.0-1+deb12u1_amd64.deb
be545eb25c9bd9880c39e10f8b23409815d274e4 26632 open-vm-tools-salt-minion_12.2.0-1+deb12u1_amd64.deb
5bde11f939104f5e2505a07d97e4f938cdaf66f9 23684 open-vm-tools-sdmp-dbgsym_12.2.0-1+deb12u1_amd64.deb
b39ce5741381cac764bcb2d252789938f210ac1c 24752 open-vm-tools-sdmp_12.2.0-1+deb12u1_amd64.deb
bac665ad9f9833d95fd5c70547a40c9e1d5b18c2 25039 open-vm-tools_12.2.0-1+deb12u1_amd64.buildinfo
d6c3c5044e8d6f72659e8792ee36bccbd90e1ea2 685748 open-vm-tools_12.2.0-1+deb12u1_amd64.deb
Checksums-Sha256:
9e01b022bbbeb65c93633b77ad096e7607d80b38a13643fa8b0efc5e55c38881 2969 open-vm-tools_12.2.0-1+deb12u1.dsc
5fe62c535812358031c8157727803601885ffb82b3d41032c80415fbaa576ec5 1801276 open-vm-tools_12.2.0.orig.tar.xz
3e9f7b69e8b16d13896615f05375825eb8ee258db51496e2b4aaf7383fda2e88 36212 open-vm-tools_12.2.0-1+deb12u1.debian.tar.xz
02cf7418ddc9b4f045696bb283c074590bc2eef07b7cf03873a99753d492b7c6 3188304 open-vm-tools-containerinfo-dbgsym_12.2.0-1+deb12u1_amd64.deb
434f07401221dc68adb7ec2508e935e3a8e0a5e189a5a184ba967a8652ccb7fb 170120 open-vm-tools-containerinfo_12.2.0-1+deb12u1_amd64.deb
159c719bef72fec5a25c3d13254c9143079d1cbc3be488a0d0849895d0f020af 2735972 open-vm-tools-dbgsym_12.2.0-1+deb12u1_amd64.deb
ca67244e7582996935bdd007cc2f72da4b8632ee851caa6f918b207e87de09f9 1552080 open-vm-tools-desktop-dbgsym_12.2.0-1+deb12u1_amd64.deb
40148fc2ac55ee68f46d254fa347119dd7809c41b987490705d1e438c2a88cd6 151636 open-vm-tools-desktop_12.2.0-1+deb12u1_amd64.deb
ed296edbecc2c4520079ab1fadb8c070c92256627eb0aa2f6705ab5a4e43dec6 509764 open-vm-tools-dev_12.2.0-1+deb12u1_amd64.deb
843f83deeef1a0886b515edacaaf43ed485b00ac38a1da966762442d0cc1d45a 26632 open-vm-tools-salt-minion_12.2.0-1+deb12u1_amd64.deb
5edb9a880cbcb4cc390598bc94c04755917aa301cb574385eacc0c78802cd940 23684 open-vm-tools-sdmp-dbgsym_12.2.0-1+deb12u1_amd64.deb
30ec8ebdfbc16b28bad0ec76d3a7a90d53007eb940d5adcb2768dcbc7bf8b47c 24752 open-vm-tools-sdmp_12.2.0-1+deb12u1_amd64.deb
f29a916bc575e4d0acdd81432c3dc9446e30c87e32de05c93ae11257d3f35813 25039 open-vm-tools_12.2.0-1+deb12u1_amd64.buildinfo
71bbe9f7d49ddbef91d842bea243862a7b9870f623cbbf1c4de93c58584bdcd8 685748 open-vm-tools_12.2.0-1+deb12u1_amd64.deb
Files:
d1165e31f16bea9e17be96b8b23ed882 2969 admin optional open-vm-tools_12.2.0-1+deb12u1.dsc
ae95b00298a92b1f5c64873bd06c98e4 1801276 admin optional open-vm-tools_12.2.0.orig.tar.xz
7a20b7cff35d64b27e99dc4a72e449c5 36212 admin optional open-vm-tools_12.2.0-1+deb12u1.debian.tar.xz
4daf2c0a2b527fab37fbea676b782d22 3188304 debug optional open-vm-tools-containerinfo-dbgsym_12.2.0-1+deb12u1_amd64.deb
ddcb43ddfd923b5cd2b7214259686c64 170120 admin optional open-vm-tools-containerinfo_12.2.0-1+deb12u1_amd64.deb
cd8a16989c9a91a5d75488d672a97a15 2735972 debug optional open-vm-tools-dbgsym_12.2.0-1+deb12u1_amd64.deb
af555e6900a25faf1a9c1d385d9eb606 1552080 debug optional open-vm-tools-desktop-dbgsym_12.2.0-1+deb12u1_amd64.deb
cdd187496da857de7216448c4a09c0c6 151636 admin optional open-vm-tools-desktop_12.2.0-1+deb12u1_amd64.deb
11174b13cad1c3e9f1a4fa2b03247d10 509764 devel optional open-vm-tools-dev_12.2.0-1+deb12u1_amd64.deb
40c0026c1472dce8455697e2919c6c11 26632 admin optional open-vm-tools-salt-minion_12.2.0-1+deb12u1_amd64.deb
240414ebb3a297b888cee4272926f2ee 23684 debug optional open-vm-tools-sdmp-dbgsym_12.2.0-1+deb12u1_amd64.deb
775339e7186488fb9cfa63dfd98a411c 24752 admin optional open-vm-tools-sdmp_12.2.0-1+deb12u1_amd64.deb
ec6bb8bac23c1235111cdf8c312db994 25039 admin optional open-vm-tools_12.2.0-1+deb12u1_amd64.buildinfo
01adb657fa82ee48639f68d075b85596 685748 admin optional open-vm-tools_12.2.0-1+deb12u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAmT58asQHGJ6ZWRAZGVi
aWFuLm9yZwAKCRDrNhcab/lDX24gEAC2F0hSOQNdDXX4tgPh+KNn5Q5a/qBwVPDn
gCpPQzlLuroQPMSHomACHZUI21vvdyGD3G6BbGOb4Fb8llaBcr1IuAD6YodAlM9s
7xTEm1/GbfFgahlRif+vQxt6rp3tS/435L05Kyk52PZgz2cMKBKmGuAB0zsNOr80
MUx0K3OK8pQOFwZEILFwQOkT1XrpSHQK+XaTmqAobEBaz3pMrY9Bjdff//toV6hz
Jjkg7KkPkfepRIjhioqXprwwMmt86Er0gSKm8CiCbCxq+iVdobvIkpBRKvtqjfJv
cm/Hk89PH7dY7Ls9QPFLxyoZAG4g85h07jLWSDtn1lQpgDqqbvDps8iL6uAI1/R4
8qf1nDoOIGdkEgOePXU6BdzeNchBDexR6/vYNK067uNNAYI8LcX/BOiO/kTw0FYw
aX2LBypWm2WlxMkuRtbTfpiY2J9UieeJDk0X+PyGzTL0oShwBhfNFVWrXrTTsHdE
USsU7PdGSXPXvFI9MmIqWizGK0yg+TwXSr/3crIf8zSUviNHykzU5BocXxH6GtHa
BELsEQeUa3x2hZw/LZ3+X/4BPVHcRQ93+EYptWGQsBZVIc3XWmNmHpBFX+3TZIa5
7C+LJs1GIKiVNyxqu5noBTlmFfaAik4GCCykNZuatXkem1YgzGgECqCR8Tje5D2v
5gHSrvZDbw==
=i+Fs
-----END PGP SIGNATURE-----