-
open-vm-tools (2:12.1.5-3ubuntu0.23.04.3) lunar-security; urgency=medium
  * SECURITY UPDATE: SAML Bypass
    - debian/patches/CVE-2023-34058.patch: don't accept tokens with
      unrelated certs in open-vm-tools/vgauth/common/certverify.c,
      open-vm-tools/vgauth/common/certverify.h,
      open-vm-tools/vgauth/common/prefs.h,
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-34058
  * SECURITY UPDATE: file descriptor hijack
    - debian/patches/CVE-2023-34059.patch: change privilege dropping order
      in open-vm-tools/services/vmtoolsd/mainPosix.c,
      open-vm-tools/vmware-user-suid-wrapper/main.c.
    - CVE-2023-34059
 -- Marc Deslauriers <email address hidden> Fri, 27 Oct 2023 07:37:42 -0400
-
open-vm-tools (2:12.1.5-3ubuntu0.23.04.2) lunar-security; urgency=medium
  * SECURITY UPDATE: SAML token signature bypass vulnerability
    - debian/patches/CVE-2023-20900.patch: Allow only X509 certs to verify
      the SAML token signature in
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-20900
 -- Marc Deslauriers <email address hidden> Mon, 11 Sep 2023 14:45:11 -0400
-
open-vm-tools (2:12.1.5-3ubuntu0.23.04.1) lunar-security; urgency=medium
  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2023-20867.patch: Remove some dead code
    - CVE-2023-20867
 -- Nishit Majithia <email address hidden> Tue, 25 Jul 2023 09:39:44 +0530
-
open-vm-tools (2:12.1.5-3) unstable; urgency=medium
  * [1e4d8a9] Remove libprocps-dev build-dep. (Closes: #1027271)
 -- Bernd Zeimetz <email address hidden> Tue, 03 Jan 2023 12:19:05 +0100
-
open-vm-tools (2:12.1.5-2) unstable; urgency=medium
  * [f450cf8] Fix building with gRPC 1.51+
    Thanks to Laszlo Boszormenyi (GCS) (Closes: #1025491)
 -- Bernd Zeimetz <email address hidden> Sat, 24 Dec 2022 16:52:48 +0100
-
open-vm-tools (2:12.1.5-1) unstable; urgency=medium
  * [d4a64a2] New upstream version 12.1.5
  * [adcd7a9] Remove accidentally added patch backup files
 -- Bernd Zeimetz <email address hidden> Wed, 07 Dec 2022 17:30:35 +0100
-
open-vm-tools (2:12.1.0-2) unstable; urgency=medium
  [ Debian Janitor ]
  * [2d8b9bb] Update lintian override info to new format on line 2.
    Changes-By: lintian-brush
    Fixes: lintian: mismatched-override
    See-also: https://lintian.debian.org/tags/mismatched-override.html
  [ Bernd Zeimetz ]
  * [fa63406] Move libguestStore.so, libgdp.so to open-vm-tools
    (Closes: #1021611) (LP: #1992501)
 -- Bernd Zeimetz <email address hidden> Mon, 14 Nov 2022 16:19:10 +0100
-
open-vm-tools (2:12.1.0-1) unstable; urgency=high
  * [e704b2c] New upstream version 12.1.0
    Closes: #1018012 / CVE-2022-31676
  * [f9048c4] Remove patches applied upstream
 -- Bernd Zeimetz <email address hidden> Wed, 24 Aug 2022 09:49:58 +0200