open-vm-tools version 12.2.5 has been released - please rebase

Related Vulnerabilities: CVE-2023-20867  

Debian Bug report logs - #1037546


Reported by: John Wolfe <jwolfe@vmware.com>

Date: Tue, 13 Jun 2023 23:21:02 UTC

Severity: normal

Tags: security

Found in version open-vm-tools/2:12.2.0-1

Fixed in version open-vm-tools/2:12.2.5-1

Done: Christian Ehrhardt <christian.ehrhardt@canonical.com>



Report forwarded to debian-bugs-dist@lists.debian.org, Bernd Zeimetz <bzed@debian.org>:
Bug#1037546; Package open-vm-tools. (Tue, 13 Jun 2023 23:21:04 GMT).


Acknowledgement sent to John Wolfe <jwolfe@vmware.com>:
New Bug report received and forwarded. Copy sent to Bernd Zeimetz <bzed@debian.org>. (Tue, 13 Jun 2023 23:21:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: John Wolfe <jwolfe@vmware.com>
To: "submit@bugs.debian.org" <submit@bugs.debian.org>
Subject: open-vm-tools version 12.2.5 has been released - please rebase
Date: Tue, 13 Jun 2023 23:17:10 +0000
Package: open-vm-tools
Version: 2:12.2.5

open-vm-tools 12.2.5 was released on June 13, 2023.

There are no new features in the open-vm-tools 12.2.5 release. This is primarily a maintenance release that addresses a single critical problem:

  *  Address CVE-2023-20867 announced in https://www.vmware.com/security/advisories/VMSA-2023-0013.html

For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.5

Release Notes are available at: https://github.com/vmware/open-vm-tools/blob/stable-12.2.5/ReleaseNotes.md

The granular changes that have gone into the 12.2.5 release are in the ChangeLog at: https://github.com/vmware/open-vm-tools/blob/stable-12.2.5/open-vm-tools/ChangeLog

Patches applicable to previous open-vm-tools releases are available at https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch


Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Zeimetz <bzed@debian.org>:
Bug#1037546; Package open-vm-tools. (Tue, 11 Jul 2023 12:57:03 GMT).


Acknowledgement sent to Christian Ehrhardt <christian.ehrhardt@canonical.com>:
Extra info received and forwarded to list. Copy sent to Bernd Zeimetz <bzed@debian.org>. (Tue, 11 Jul 2023 12:57:03 GMT).


Message #10 received at 1037546@bugs.debian.org:

From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
To: 1037546@bugs.debian.org
Subject: PRs prepared
Date: Tue, 11 Jul 2023 14:53:34 +0200
Hi,
I've had a look and these are really straightforward.
I prepared salsa PRs at

https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/merge_requests/17
https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/merge_requests/18
https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/merge_requests/19

I hope Bernd has some time to give them a look, if not I can still
upload in a bit (probably next week to give him the chance over the
weekend).

-- 
Christian Ehrhardt
Senior Staff Engineer and acting Director, Ubuntu Server
Canonical Ltd



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Zeimetz <bzed@debian.org>:
Bug#1037546; Package open-vm-tools. (Wed, 19 Jul 2023 10:45:09 GMT).


Acknowledgement sent to Christian Ehrhardt <christian.ehrhardt@canonical.com>:
Extra info received and forwarded to list. Copy sent to Bernd Zeimetz <bzed@debian.org>. (Wed, 19 Jul 2023 10:45:09 GMT).


Message #15 received at 1037546@bugs.debian.org:

From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
To: 1037546@bugs.debian.org, Bryce Harrington <bryce.harrington@canonical.com>
Subject: Uploaded to unstable
Date: Wed, 19 Jul 2023 12:43:10 +0200
Hi,
just as FYI I've not got any response from Bernd on IRC, bug, salsa so
I went ahead and uploaded this.

Bryce will soon merge this in Ubuntu and go through some deeper
testing together with vmware - so we should soon know if any issue
hides and needs to be fixed.

-- 
Christian Ehrhardt
Senior Staff Engineer and acting Director, Ubuntu Server
Canonical Ltd



Added tag(s) pending. Request was from Christian Ehrhardt <christian.ehrhardt@canonical.com> to control@bugs.debian.org. (Wed, 19 Jul 2023 10:48:03 GMT).


Reply sent to Christian Ehrhardt <christian.ehrhardt@canonical.com>:
You have taken responsibility. (Wed, 19 Jul 2023 10:51:06 GMT).


Notification sent to John Wolfe <jwolfe@vmware.com>:
Bug acknowledged by developer. (Wed, 19 Jul 2023 10:51:06 GMT).


Message #22 received at 1037546-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1037546-close@bugs.debian.org
Subject: Bug#1037546: fixed in open-vm-tools 2:12.2.5-1
Date: Wed, 19 Jul 2023 10:49:12 +0000
Source: open-vm-tools
Source-Version: 2:12.2.5-1
Done: Christian Ehrhardt <christian.ehrhardt@canonical.com>

We believe that the bug you reported is fixed in the latest version of
open-vm-tools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037546@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Ehrhardt <christian.ehrhardt@canonical.com> (supplier of updated open-vm-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 11 Jul 2023 13:22:07 +0200
Source: open-vm-tools
Built-For-Profiles: noudeb
Architecture: source
Version: 2:12.2.5-1
Distribution: unstable
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Closes: 1037546
Changes:
 open-vm-tools (2:12.2.5-1) unstable; urgency=medium
 .
   * [8c0c33f] New upstream version 12.2.5
     (Closes: #1037546)
     CVE-2023-20867
   * [232810e] d/p/*: add DEP-3 patch headers




Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 19 Jul 2023 20:24:03 GMT).


Marked as found in versions open-vm-tools/2:12.2.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 19 Jul 2023 20:24:03 GMT).


No longer marked as found in versions 2:12.2.5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 19 Jul 2023 20:24:04 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jul 20 11:54:49 2023; Machine Name: bembo
