Back to openvswitch PTS page

Accepted openvswitch 2.15.0+ds1-2+deb11u5 (source) into oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted openvswitch 2.15.0+ds1-2+deb11u5 (source) into oldstable-proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 18 Mar 2024 22:02:38 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: openvswitch_2.15.0+ds1-2+deb11u5_source.changes
Debian-source: openvswitch
Debian-suite: oldstable-proposed-updates
Debian-version: 2.15.0+ds1-2+deb11u5
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=XsmARIpJU9bNNg9a5Oa4Y9QJvyr4J7I7UrpXN6Z37FE=; b=YdJHm1RYV31SIe00jW9Y+SWGi7 y8N3SkMNFBGF/FAtrxWc4VeV2b0AXK7eqQysNC1OHkT1asmId4SHHc86Q6u5uv8Gg4qe/qRgYF5hI Ep24p3+jKoMERdg2lFnehIop+YRvybS3Dn1F/lbn6TFCxEOHJ3dfajkANPVa2nXOfMvMgrZzKAUSG TGFBM9MT/TEmdtYle7Vw6EhsM4leSHQ5ag9GUBmoM0F/1BKkHdPD3dWQgRoBTatNv/hXr9x7YJvqg F978DYVpICPZI5UT8MLS4MUC57ZGWqHHhJVeSsR0QDPht1KBlLgXi0/cKU0+HWt/F3cUuzptqZO2h If7Qk48g==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1rmL42-00GrBP-Qw@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Architecture: source
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.
Checksums-Sha1:
 34a5b7218e922964b920af975a337efb793ee21d 3180 openvswitch_2.15.0+ds1-2+deb11u5.dsc
 cd73853ac6af987b904ca311890f35ce7b139c0e 67576 openvswitch_2.15.0+ds1-2+deb11u5.debian.tar.xz
 576f90d4b59173ae9e80e4dee18d8fcd3ebade48 22311 openvswitch_2.15.0+ds1-2+deb11u5_amd64.buildinfo
Checksums-Sha256:
 a7a45a50decb56523b01dd2bf16aea6ccd31ae2ad83a69811e348a5882627a0d 3180 openvswitch_2.15.0+ds1-2+deb11u5.dsc
 050d4030ad4f8de076e0810e7f177cb23beda7723d5d03bbb268c4fa58e220d2 67576 openvswitch_2.15.0+ds1-2+deb11u5.debian.tar.xz
 0c871396dafa96799ad4a1dc5272b9c1fc56bdba95203514603d959d047f8c15 22311 openvswitch_2.15.0+ds1-2+deb11u5_amd64.buildinfo
Files:
 50af790b543a56acdc0c632255f0b0d3 3180 net optional openvswitch_2.15.0+ds1-2+deb11u5.dsc
 cc3184ba4f964515bc71bd2ec593dfe2 67576 net optional openvswitch_2.15.0+ds1-2+deb11u5.debian.tar.xz
 d8d9f497d90510f16b527c0bd5d38f84 22311 net optional openvswitch_2.15.0+ds1-2+deb11u5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmXxvHEACgkQ1BatFaxr
Q/4Yhg//Uo8Bmaa+39C/8zgTfxEBd1/pkEMMwQRKSrEgPk+hF2uMm4p0hkKu2UPs
iJT6T1nuOG1IUEaR104bUI5QIMcm4xAcrB9IEMmW0tc2cFXZHu33TI61M8djAGjL
NDRTLdsLWg231sZK1A0yN2NH/QfVFFJ5Daobyv4f7iVIQxasCPO0EdjSAAZNAkoR
xURlehbuR/vG+hs3NxqsobOfLXKp7E363WEVP/SfegP4aQuSbkAUJp6Iw30/380P
okmvVHHVRDblMsZzzQtbo9mn+tfSszKed1lxyMc0LpONmKjPHLz0hnOhnWC5SJGK
PenAnRasuNkpLVGr7mvtS5DH5BKMaA4z8Ta/V56mKOQ93HyxY6AozAvgIDyn2xcS
1IIRZfbGoyF6emv4DxWcYI8i+g+0eDHgUfHuB5TFjKDCx/4/adGw2HDoOZBqj+PV
ZjQvfJ89ygO5wHJK65jBKZDYtnrcHhkdIRsAS8VCm5IpqswnCX7AFN67NrVxvaIu
8bFpK42CFIjgrI6TYzbn55868hqco94ApvwKHEqYY366JenQ+wK4S3ukEnqYN0My
64ISOqCrwptUCyt/RFmkTwUYvqUzJt6sBeztm8lXsTI2F58I0ibOS+A2CvnIBZzE
DmtqNjxir0Ttbg9GDnXSl/ROE2lXe6YNsY1dHPAjlBbwn4rRlak=
=e4+J
-----END PGP SIGNATURE-----

Attachment: pgpSmZV_y8MVM.pgp
Description: PGP signature