Your message dated Wed, 24 Aug 2022 08:37:12 +0000 with message-id <e1oqlsu-00a7c2...@fasolo.debian.org> and subject line Bug#1018012: fixed in open-vm-tools 2:12.1.0-1 has caused the Debian Bug report #1018012, regarding open-vm-tools: CVE-2022-31676: local privilege escalation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1018012: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018012 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: open-vm-tools Version: 2:12.0.5-2 Severity: grave Tags: security upstream fixed-upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for open-vm-tools. CVE-2022-31676[0]: | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege | escalation vulnerability. A malicious actor with local non- | administrative access to the Guest OS can escalate privileges as a | root user in the virtual machine. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31676 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31676 [1] https://www.vmware.com/security/advisories/VMSA-2022-0024.html [2] https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: open-vm-tools Source-Version: 2:12.1.0-1 Done: Bernd Zeimetz <b...@debian.org> We believe that the bug you reported is fixed in the latest version of open-vm-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1018...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernd Zeimetz <b...@debian.org> (supplier of updated open-vm-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 24 Aug 2022 09:49:58 +0200 Source: open-vm-tools Architecture: source Version: 2:12.1.0-1 Distribution: unstable Urgency: high Maintainer: Bernd Zeimetz <b...@debian.org> Changed-By: Bernd Zeimetz <b...@debian.org> Closes: 1018012 Changes: open-vm-tools (2:12.1.0-1) unstable; urgency=high . * [e704b2c] New upstream version 12.1.0 Closes: #1018012 / CVE-2022-31676 * [f9048c4] Remove patches applied upstream Checksums-Sha1: 0c23e8db6122d5b2751b926ea2c4126ee94fa937 2914 open-vm-tools_12.1.0-1.dsc d223e0804365ad0800c70f8929ace109ba0d6993 1788016 open-vm-tools_12.1.0.orig.tar.xz 1eb4beb135882b797d52b1da8171efb2b479cd3b 33356 open-vm-tools_12.1.0-1.debian.tar.xz 2d391f12940f2565d1ba234763498d0f3b052efb 10778 open-vm-tools_12.1.0-1_source.buildinfo Checksums-Sha256: 318666a6d30c9767a5249702bc40fae8be729cc3ba24967cb4de5fbc0e4845ce 2914 open-vm-tools_12.1.0-1.dsc 2a8951f7959faa5adfa9e4497f0f7bbfbb8e04a65f74d042cc24c1640c4616ac 1788016 open-vm-tools_12.1.0.orig.tar.xz 7486df61ee601ec66f09f015f17aa4f1475c9934e588c99d62f83613d680063c 33356 open-vm-tools_12.1.0-1.debian.tar.xz d561c687024ac594130ea785930f41af313c17cd07f05816c3cd0533de2a9011 10778 open-vm-tools_12.1.0-1_source.buildinfo Files: e5a84eb145441e26672b41109919ab1c 2914 admin optional open-vm-tools_12.1.0-1.dsc cf0da62dae50d81710ada2177c20335c 1788016 admin optional open-vm-tools_12.1.0.orig.tar.xz 212cb6c774357de372f0bceca4d125e5 33356 admin optional open-vm-tools_12.1.0-1.debian.tar.xz 0b35ee131a69ab0388b15d95ee591c57 10778 admin optional open-vm-tools_12.1.0-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAmMF3QIACgkQ6zYXGm/5 Q1+1jg/+Jm6Q9Jx3CC7Ll1KTsV+g858sHj988Z6k2axSyyDoRAGF+xeiBxqgi66J deuiVVUOZZRnC1UZOxDzLB0b4wxnfAfi73VP21Ho7KLfEOeXm64bompItaBSd0FD wuBYOiNNQMGPjH6sL2wLnjxV1J7dWpuRAvGdf3te2k6IzPZWOqyXgYDbGZQRwVPn C/tJ6fCqZr+wasuuHvB8GYG53QWFVsm2a7bdSFtavxzS39JMJNXwFpIEsVuVkrBX X1234dYEVjb2KFNCmwey1RsM+AjDH9PG22TJzGTSNcNtVYBWLQc+Q2Hm8Rp9S/Ga VQtoz86hDIcyIDvwimINGrFbBBmOd39RW+eb8axHpfv+oz+paDjCC6yepylFi06C geRCy+/fv4v6QoeGs0PDiD+na6uoTDKyR7dBLbtCOML1kSI0UblIZ8XXtR8a5rhS Mo9n2CqALjf4ydPnYLMXfmIjO/wHeOvAYzHSEcAoUk0A8kykMXWXGZ4hSDw/cVm7 KXWfzefLr1il2YesxiM9j9BsmPsxaH1+dwnDL6P9tLCquoPyCCjgtG/s2tT2OmxV yPvUABPD15HE6w1QCgujDusA4MCTaWG8I2G11xiyjTLrV+3L7vKIhMQtWahYoMUa ka8c7zEQtB7FgVixL1Zqh5V1qDhp75rQdlutDwdvS3k5eFTq0XM= =Gnpm -----END PGP SIGNATURE-----
--- End Message ---
