Format: 1.8
Date: Mon, 30 Oct 2023 18:02:12 +0100
Source: open-vm-tools
Architecture: source
Version: 2:11.2.5-2+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bernd Zeimetz <bzed@debian.org>
Closes: 1054666
Changes:
 open-vm-tools (2:11.2.5-2+deb11u3) bullseye-security; urgency=medium
 .
   * Closes: #1054666
   * [5f241c9] Fixing CVE-2023-34059.
     This fixes a file descriptor hijack vulnerability in the
     vmware-user-suid-wrapper command. A malicious actor with non-root
     privileges might have been able to hijack the /dev/uinput file
     descriptor allowing them to simulate user inputs.
   * [0c3fe2a] Fixing CVE-2023-34058.
     This fixes a SAML Token Signature Bypass vulnerability. A malicious
     actor that has been granted Guest Operation Privileges in a target
     virtual machine might have been able to elevate their privileges if
     that target virtual machine has been assigned a more privileged
     Guest Alias.