Accepted open-vm-tools 2:12.2.0-1+deb12u2 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted open-vm-tools 2:12.2.0-1+deb12u2 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 04 Nov 2023 12:47:09 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: open-vm-tools_12.2.0-1+deb12u2_source.changes
- Debian-source: open-vm-tools
- Debian-suite: proposed-updates
- Debian-version: 2:12.2.0-1+deb12u2
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=UiYj1R0dT4erlD8Pcc27Ptsz6yFBi2cNTCZAiY5vFbE=; b=PnmM6Fw0orgSstAOyxTb5/5Ir1 zqD5DoLMvn3t3/YCq5qyf/5eU084ezFnKwkRrSe8xgi8DKG6Zn1oLy975eCXyljIbr0HiZkzOiPE/ z2zolHh5DVIVXgJe57C9AfqC6gRrO6KmYFQTu2520Zo9L5w/3CGnAmb8FI4e+u6BwuJK1d8K26uZN GCaTbxZqt5Ft77ZrC5ONxg/DIOz0d022TAyqT8AvzyCRqJlLw5eJLDMssfckFT4a60wvhXQoqZ0Xb 16xhpmKltB+zq+SDUyYb9wiBR1yZyIERCc/K4ltKg64yvsxTXp3F+D98ZdhB4HxlzMsOMIGanXdLw RT156CpA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qzG3R-001I7m-Aw@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 30 Oct 2023 17:59:25 +0100
Source: open-vm-tools
Architecture: source
Version: 2:12.2.0-1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bernd Zeimetz <bzed@debian.org>
Closes: 1054666
Changes:
open-vm-tools (2:12.2.0-1+deb12u2) bookworm-security; urgency=medium
.
* Closes: #1054666
* [81326c8] Fixing CVE-2023-34059.
This fixes a file descriptor hijack vulnerability in the vmware-user-suid-wrapper
command. A malicious actor with non-root privileges might have been able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.
* [95acc49] Fixing CVE-2023-34058.
This fixes a SAML Token Signature Bypass vulnerability. A malicious actor
that has been granted Guest Operation Privileges in a target virtual
machine might have been able to elevate their privileges if that target
virtual machine has been assigned a more privileged Guest Alias.
Checksums-Sha1:
6bfc93c62dc26555754cb91846a166389b7ac672 2944 open-vm-tools_12.2.0-1+deb12u2.dsc
112cd82f38ebb66afb77c2a3c5a5311f86fa0c39 39740 open-vm-tools_12.2.0-1+deb12u2.debian.tar.xz
2a86f97839b4fa6410d03254d6ba98a590673773 5533 open-vm-tools_12.2.0-1+deb12u2_source.buildinfo
Checksums-Sha256:
b33137fe8ac9e50003a90026efd74fd20962dfb4e877cc80fe4401187e190e55 2944 open-vm-tools_12.2.0-1+deb12u2.dsc
86b76972e193a0c41eafa79005c977e24cd619b76a9b0f8f007b36d241ee951a 39740 open-vm-tools_12.2.0-1+deb12u2.debian.tar.xz
9b93eaff53e9fc75f1923b0ebe29875847f73105e6d96176f645d3e24f5f476d 5533 open-vm-tools_12.2.0-1+deb12u2_source.buildinfo
Files:
6e5127ce0527f562b666bfaad1108f01 2944 admin optional open-vm-tools_12.2.0-1+deb12u2.dsc
d1ccff28fec62cbf5d07329bf70e23dc 39740 admin optional open-vm-tools_12.2.0-1+deb12u2.debian.tar.xz
ea857ce6752e2e5ec7d17600a2a4fad1 5533 admin optional open-vm-tools_12.2.0-1+deb12u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAmVAx30ACgkQ6zYXGm/5
Q18yyg//ays29BTKc+OfEtcSwzDgiEu9cjI/qBoVYJLg37Yvl3NJJFnSwBi2fsmO
pK19yyARvyvPvr2bODCIBWb6YyTNHcPMt/frrqNm7cKWDA8YRcLpH3zqBZ1dk0sf
GcbfqXqE6eegEKiLn+srjSj/o+PVcNdKiXAPxd4uushDM/omdFex6EXRCpviNYrR
yD5p4/eg7BqtpeXzYcYp0r6ITjUZ0TEwyPZeYkoInZq+1bWlkjp0gnzseb51bCOP
g1YSpKiydM2xqynWDCYpBMluPZn1VRhlvioZutJlmrf0JhzaWs5rnwXXYXgzd2eM
AaXuP3ufzBlkvw1QvZeRT+WCwhuIc9zNoIRgdxCzinRLnc8x1NXW1m5izyTcGWVA
I+tiK46pSVH7YPZoc+q3jYwkJ7L3YUejJprwJiWeF1FfkvlKqsfii4baiMObJPuu
4SmjC2j1XdO1mpR646OaQkj+h8YSGZbg5O6FPCmkTXPmg1KZ2uCtjF7HoPRFI+C+
PqXMlRb30t8Dgy9s5yUXKBULusTM8VHHmKa7u/WvXhJxukQv5EhsdElZOB2BPK9i
OSGK2zc509etAu9SGNlgN7Htfwp+BedEgOCnxyABxkLtuUiNLGk4KM2DZ/GSTv91
wWaotqX1KGF7ekqHwCV0wbCri9k+jzPnl1XnA2YtKFKRQwigsa0=
=PC5y
-----END PGP SIGNATURE-----