Accepted open-vm-tools 2:11.2.5-2+deb11u3 (source) into oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted open-vm-tools 2:11.2.5-2+deb11u3 (source) into oldstable-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 07 Nov 2023 21:17:46 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: open-vm-tools_11.2.5-2+deb11u3_source.changes
- Debian-source: open-vm-tools
- Debian-suite: oldstable-proposed-updates
- Debian-version: 2:11.2.5-2+deb11u3
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=zedrCM0K4gPKXIbaSFc0jQqUGQ9p3HVPxIS6LAdgb3s=; b=lOH8h0FLg3eft4scn+/MLt4UQb GacagVy7nRT55iMDr1kLA5kS1iv/orJb76EeVsDAsmL7WiZR0gFdt8WfWEhW46uARdKqtSjpu2NRL Sjoig2oLGjHeDfmCrylX6FHkai0eyJetvJeC0I2hiHh5P3RJVmqzecUTKreUEI/8vQkMjEbi/VkLf zPRntRbTs/Pv6CU8qK+tzMV2FpAWFxTidGhnmJqRijRczaqeTOT3pY+2kk+dQ8ri30ath92/jlnMA tlyN4x6kR/dBkX6yGrtLK8sWKO3YV1USijU79eyMwOaf0FoHCi8A6zxrqUgfjXzr4Jb4AWX8whX0s zeOCSRIQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1r0TSE-000dFn-HT@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 30 Oct 2023 18:02:12 +0100
Source: open-vm-tools
Architecture: source
Version: 2:11.2.5-2+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bernd Zeimetz <bzed@debian.org>
Closes: 1054666
Changes:
open-vm-tools (2:11.2.5-2+deb11u3) bullseye-security; urgency=medium
.
* Closes: #1054666
* [5f241c9] Fixing CVE-2023-34059.
This fixes a file descriptor hijack vulnerability in the vmware-user-suid-wrapper
command. A malicious actor with non-root privileges might have been able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.
* [0c3fe2a] Fixing CVE-2023-34058.
This fixes a SAML Token Signature Bypass vulnerability. A malicious actor
that has been granted Guest Operation Privileges in a target virtual
machine might have been able to elevate their privileges if that target
virtual machine has been assigned a more privileged Guest Alias.
Checksums-Sha1:
6a25a3de4c99bbdef3d30c8defd1834f24cbf5a3 2496 open-vm-tools_11.2.5-2+deb11u3.dsc
738ecd78a07d8e9809b8dd190f70a8e606199265 37352 open-vm-tools_11.2.5-2+deb11u3.debian.tar.xz
955fd8dee72124208fcdc91b093e67fb53992c01 5533 open-vm-tools_11.2.5-2+deb11u3_source.buildinfo
Checksums-Sha256:
e20bbd5f994469d2b78af4c2ab0d2c7d442961b05250a5f87888663ee054f100 2496 open-vm-tools_11.2.5-2+deb11u3.dsc
06fa96d0d2f310bfaad5fe6fb4d0f6f5b2e04707bc52ab19383b7752ee7a021e 37352 open-vm-tools_11.2.5-2+deb11u3.debian.tar.xz
ffe0ea84911c3facf6e7bf1d1b1c7696d9f483cc8e123a24b54b813f2b6ab6af 5533 open-vm-tools_11.2.5-2+deb11u3_source.buildinfo
Files:
b615bc3d53f9db07ffdd82358e15e31a 2496 admin optional open-vm-tools_11.2.5-2+deb11u3.dsc
d2af3876625dd7a91a4c3802391106f8 37352 admin optional open-vm-tools_11.2.5-2+deb11u3.debian.tar.xz
ce97f043d492495e901f482a417d778c 5533 admin optional open-vm-tools_11.2.5-2+deb11u3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAmVAyCEACgkQ6zYXGm/5
Q1/3CBAAk8Vm07/UvceZYhaObSiWuKjDZTgqKf3sjJWEVeZUsZBmujYJydS2po5M
2FTbTS8TEkfafYNFTb+owLtQhMtij3btWie2TkIZDm9SaQkDQ3sGykGVWKfvvPb7
RAKyg+tl71ZYHfPEGHS1Oqremh3lAwHZOr9sNDGIsuFSaM2GSs/qupSHHMYwGJAd
rNcTiUPvjs+LTrhWVZyHrc5htebMJ15bJ5jUo5Zh7lAeNkcHEaOcXtJoeuLAxxvl
xAHHlCYR1UC22/D+EsgfLQpB+0PNAXxg4Ue0VJi3ujeNOLBOYUdiInJ99lFGlJ9P
18bnTxuP8yequmLyHIgUmChpbwQJbzWQQQ2ur+mYyTlVuzvNk7/ko5ex4R1qLGru
3sAjGzas/UaCfS/8AiVnr6ja4DGWB3lizZwzKZ/WU2Lyt7NfUqwjPRuetF5Ob98/
2OLSEVIpoHVbq9a81eWWsDi7DBlcJ6A3Pboks/bYj87owCX/8RlwGYlEIdBTNwak
vIqNwzScJS7sxy8nt6A337lKhpSpJ27GbmDA1oMLDj/NCHhWu8gc6axC46eI2KB1
cQlbAD7BYdQKRcvIsOybTE82InTr250LNHkm61lvskadXAWarMj18XDlkoDjIpLA
D8/O61M5nPSYL1lzco3TwMTkQ7aVsHPlHDYZ8J18NTLbJse0/4c=
=G0cu
-----END PGP SIGNATURE-----