diff -Nru open-vm-tools-12.1.5/debian/changelog open-vm-tools-12.1.5/debian/changelog
--- open-vm-tools-12.1.5/debian/changelog 2023-07-25 04:09:44.000000000 +0000
+++ open-vm-tools-12.1.5/debian/changelog 2023-09-11 18:45:11.000000000 +0000
@@ -1,3 +1,13 @@
+open-vm-tools (2:12.1.5-3ubuntu0.23.04.2) lunar-security; urgency=medium
+
+ * SECURITY UPDATE: SAML token signature bypass vulnerability
+ - debian/patches/CVE-2023-20900.patch: Allow only X509 certs to verify
+ the SAML token signature in
+ open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
+ - CVE-2023-20900
+
+ -- Marc Deslauriers Mon, 11 Sep 2023 14:45:11 -0400
+
 open-vm-tools (2:12.1.5-3ubuntu0.23.04.1) lunar-security; urgency=medium
 
 * SECURITY UPDATE: authentication bypass vulnerability
diff -Nru open-vm-tools-12.1.5/debian/patches/CVE-2023-20900.patch open-vm-tools-12.1.5/debian/patches/CVE-2023-20900.patch
--- open-vm-tools-12.1.5/debian/patches/CVE-2023-20900.patch 1970-01-01 00:00:00.000000000 +0000
+++ open-vm-tools-12.1.5/debian/patches/CVE-2023-20900.patch 2023-09-11 18:45:06.000000000 +0000
@@ -0,0 +1,27 @@
+From 74b6d0d9000eda1a2c8f31c40c725fb0b8520b16 Mon Sep 17 00:00:00 2001
+From: Katy Feng
+Date: Fri, 25 Aug 2023 11:58:48 -0700
+Subject: [PATCH] Allow only X509 certs to verify the SAML token signature.
+
+---
+ open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc,
+ */
+ bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
+ if (bRet == FALSE) {
+- g_warning("failed to register ID\n");
++ g_warning("Failed to register ID\n");
++ goto done;
++ }
++
++ /* Use only X509 certs to validate the signature */
++ if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
++ BAD_CAST xmlSecKeyDataX509Id) < 0) {
++ g_warning("Failed to limit allowed key data\n");
+ goto done;
+ }
+
diff -Nru open-vm-tools-12.1.5/debian/patches/series open-vm-tools-12.1.5/debian/patches/series
--- open-vm-tools-12.1.5/debian/patches/series 2023-07-25 03:36:55.000000000 +0000
+++ open-vm-tools-12.1.5/debian/patches/series 2023-09-11 18:45:06.000000000 +0000
@@ -2,3 +2,4 @@
 debian/scsi-udev-rule
 debian/grpc_1.51
 CVE-2023-20867.patch
+CVE-2023-20900.patch
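Review bot: The added `xmlSecPtrListAdd` call achieves its effect only because, as I read xmlsec, an empty `enabledKeyData` list means "accept any KeyInfo key data", and the one-line comment in the hunk does not record that; I would extend it to `/* xmlsec treats an empty enabledKeyData list as "any key data": restrict it to X509Data so a KeyValue carried inside the token itself cannot supply the verification key */` so the reason the restriction closes the bypass is auditable. Whether `dsigCtx` is already allocated when this code runs cannot be confirmed here, since `VerifySignature` begins before line 1335 and its body continues past the hunk. The patch file also carries only the git `From`/`Subject` header and no DEP-3 `Origin:` line pointing at the upstream commit, which Debian patch convention expects and which makes the backport easier to trace.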