Format: 1.8
Date: Mon, 30 Oct 2023 17:59:25 +0100
Source: open-vm-tools
Architecture: source
Version: 2:12.2.0-1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bernd Zeimetz <bzed@debian.org>
Closes: 1054666
Changes:
 open-vm-tools (2:12.2.0-1+deb12u2) bookworm-security; urgency=medium
 .
   * Closes: #1054666
   * [81326c8] Fixing CVE-2023-34059.
     This fixes a file descriptor hijack vulnerability in the
     vmware-user-suid-wrapper command. A malicious actor with non-root
     privileges might have been able to hijack the /dev/uinput file
     descriptor allowing them to simulate user inputs.
   * [95acc49] Fixing CVE-2023-34058.
     This fixes a SAML Token Signature Bypass vulnerability. A malicious
     actor that has been granted Guest Operation Privileges in a target
     virtual machine might have been able to elevate their privileges if
     that target virtual machine has been assigned a more privileged
     Guest Alias.
Checksums-Sha1:
 6bfc93c62dc26555754cb91846a166389b7ac672 2944 open-vm-tools_12.2.0-1+deb12u2.dsc
 112cd82f38ebb66afb77c2a3c5a5311f86fa0c39 39740 open-vm-tools_12.2.0-1+deb12u2.debian.tar.xz
 2a86f97839b4fa6410d03254d6ba98a590673773 5533 open-vm-tools_12.2.0-1+deb12u2_source.buildinfo
Checksums-Sha256:
 b33137fe8ac9e50003a90026efd74fd20962dfb4e877cc80fe4401187e190e55 2944 open-vm-tools_12.2.0-1+deb12u2.dsc
 86b76972e193a0c41eafa79005c977e24cd619b76a9b0f8f007b36d241ee951a 39740 open-vm-tools_12.2.0-1+deb12u2.debian.tar.xz
 9b93eaff53e9fc75f1923b0ebe29875847f73105e6d96176f645d3e24f5f476d 5533 open-vm-tools_12.2.0-1+deb12u2_source.buildinfo
Files:
 6e5127ce0527f562b666bfaad1108f01 2944 admin optional open-vm-tools_12.2.0-1+deb12u2.dsc
 d1ccff28fec62cbf5d07329bf70e23dc 39740 admin optional open-vm-tools_12.2.0-1+deb12u2.debian.tar.xz
 ea857ce6752e2e5ec7d17600a2a4fad1 5533 admin optional open-vm-tools_12.2.0-1+deb12u2_source.buildinfo