[ubuntu/mantic-proposed] open-vm-tools 2:12.2.5-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Sep 12 11:26:12 UTC 2023


open-vm-tools (2:12.2.5-1ubuntu1) mantic; urgency=medium

  * SECURITY UPDATE: SAML token signature bypass vulnerability
    - debian/patches/CVE-2023-20900.patch: Allow only X509 certs to verify
      the SAML token signature in
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-20900

Date: Mon, 11 Sep 2023 14:43:03 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.2.5-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 11 Sep 2023 14:43:03 -0400
Source: open-vm-tools
Built-For-Profiles: noudeb
Architecture: source
Version: 2:12.2.5-1ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 open-vm-tools (2:12.2.5-1ubuntu1) mantic; urgency=medium
 .
   * SECURITY UPDATE: SAML token signature bypass vulnerability
     - debian/patches/CVE-2023-20900.patch: Allow only X509 certs to verify
       the SAML token signature in
       open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
     - CVE-2023-20900
Original-Maintainer: Bernd Zeimetz <bzed at debian.org>

