Accepted open-vm-tools 2:10.3.10-1+deb10u6 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted open-vm-tools 2:10.3.10-1+deb10u6 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 05 Nov 2023 19:20:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: open-vm-tools_10.3.10-1+deb10u6_source.changes
- Debian-source: open-vm-tools
- Debian-suite: oldoldstable
- Debian-version: 2:10.3.10-1+deb10u6
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=52SxeV51gsKTzVZP93YPbYa20hwtxYkczkKt5c4secM=; b=WvRHr3ZKeuMkEZckshxdM64rhM ocfzEbRYm12sbqVO3ZTfTX5TZ7uZGCKQfe8g5gbwbJBc0/lN361J2GdIfgUZeQNd9RDoIokp2NF3q cglcM1f3IPvT//cOYAeNZoM0gZnqj4dUF7GM9essnOTvUqdtZGfmySopPNvfwGiVS42FdKcRFnkWm 5bzweK+Hd9wZlb7gz1zDx15S7d4o0wWMwi8UbKJpA7PuOzbQg5GUoPMlmM3t/msptsuc7e2Kf5tUv 851TCimKRrPnGn08XVrwMRJRnkgTLjlHW+S8FliOXpzc3QazjEtN2gCIZpwzxrvcFroJsYKC23UP7 ra87Hg1Q==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qzifS-00FrQA-N4@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 05 Nov 2023 17:49:49 +0000
Source: open-vm-tools
Architecture: source
Version: 2:10.3.10-1+deb10u6
Distribution: buster-security
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1054666
Changes:
open-vm-tools (2:10.3.10-1+deb10u6) buster-security; urgency=medium
.
* Closes: #1054666
* Fix CVE-2023-34059:
This fixes a file descriptor hijack vulnerability in
the vmware-user-suid-wrapper command.
A malicious actor with non-root privileges might have been able
to hijack the /dev/uinput file descriptor allowing
them to simulate user inputs.
* Fix CVE-2023-34058:
This fixes a SAML Token Signature Bypass vulnerability.
A malicious actor that has been granted Guest Operation Privileges
in a target virtual machine might have been able to
elevate their privileges if that target
virtual machine has been assigned a more privileged Guest Alias.
Checksums-Sha1:
ef48785de8f65acef4d23cda71707068c9783f61 2383 open-vm-tools_10.3.10-1+deb10u6.dsc
fa02653827deb3320cce80cf5554a40aadad0f1d 52120 open-vm-tools_10.3.10-1+deb10u6.debian.tar.xz
6ae185c0f321840917217ccb9fdcde86ea070973 17761 open-vm-tools_10.3.10-1+deb10u6_amd64.buildinfo
Checksums-Sha256:
291251ea9a8afe5fbe9af8022d1ec86c51e01f7cfc21f4cfbd7d19329deda350 2383 open-vm-tools_10.3.10-1+deb10u6.dsc
a409dd2c57050097de51bc5d3174ef967c5fcee27270dcbee8034fd809a6df5e 52120 open-vm-tools_10.3.10-1+deb10u6.debian.tar.xz
81c8f297721a54d7cd24720b97a51c04524ba1dfd7130e29314ec65b591c7684 17761 open-vm-tools_10.3.10-1+deb10u6_amd64.buildinfo
Files:
c520ea22558024426621c8a4d11f73cc 2383 admin extra open-vm-tools_10.3.10-1+deb10u6.dsc
0fbd0e67a28220595c53904ce841e98e 52120 admin extra open-vm-tools_10.3.10-1+deb10u6.debian.tar.xz
dfb1b0f8252adc32afacc06b66388292 17761 admin extra open-vm-tools_10.3.10-1+deb10u6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmVH6EMRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF94DBAAo5CfhfJkd/S9ahFeJrYEIx0WE7JL+Dr+
hskGscEDdjJX86aqzgCB89FKN8PEvQP/qu9ifJmknEHvT5hsnR6pI1yviy6i2RJZ
8/MSNA1ITRSSIgzFNdBKd9lqmVnWa988HYdegBos7zgRsSAMVp5HQutTmzFxHcpP
ZKWUrqOEIJwDbyy5hHs/25ELMmEK7D7pUw2cFg6+xxfXsYuydxVOYP+4jLxYOU+d
Qkn9Cy+qmXWeWqdlAsKbb7vE6xsufsR5b6tvpD/f/Y5Cqq71M6C/h0eC0G9rdu50
HwC7ot3XiwH33i2xpW+zWdKSZqOFo4mFhVE94nE4LOM9IiOatdqWBsUi8gzTWqlo
A6930jbglojbWTLie0dn95j05/LwcS1/L7ok8Uc87Fsm4yQI2VCot07XGGDUWmsd
MQHw8GGx1GWyR+GXMquxlP4FuQPVglDx+y10irmyrR3HmQ8QQZr7HBFIQFa0/x+o
wYgjahokRVvttBHnH/E92CE6FQcHyoqeoc3oZatmXBVyBx3d2I6nZwwBBKzor6vO
uL1Eb/kEX3DxcFaJYhaX97tRWFC6/mXLIpHHtb90+aGTN2tzYElsigqqiUh8NXIr
9uyunIw0nRdu9DwCBer6ZXGQrhEQPmBFns8WVUzF5OI31CH2BOq6L1a8cMx7Vs9b
tvUv3ZpsHV0=
=hUC9
-----END PGP SIGNATURE-----